Ok thanks. Now I'd like to dump out the key values: if I use NSS_NoDBInit(),
how do I dump out the private key value? I would need to be able to convert
from a SECKEYPrivateKey to convert a SECKEYLowPrivateKey, but I can't find a
function to do that. I see certutil has a DumpPublicKey and
If I use PK11_GenerateKeyPair with isPerm and isSensitive parameters set to
FALSE, then I understand that the key is extractable (not tied to a token):
how does one then extract the actual private key value from the object
returned, which is of type SECKEYPrivateKey?
-- POC
I don't think there is any way to do this. I wanted to provide it in JSS
to implement the JCA KeyFactory class, but Bob Relyea said he didn't
want to support this functionality because there is no legitimate reason
for doing it.
Private keys can be extracted if they are first wrapped with a
OK I can wrap the private key. If I then extract it, will this then give me
an object which I can manipulate to extract the private key value (the raw
bytes)? Or can this wrapped key only be extracted to be be then installed
another token (actual values are still inaccessible)?
Also, when you
Chris,
Chris wrote:
Sure, I can take a look when I get a chance. If you have some pointers
of where to look first that might be helpful. I don't know when I'll
get around to doing this though.
I'm currently using Mozilla RC3 on Debian Linux and Win32. Debian
version is the Debian
Patrick wrote:
OK I can wrap the private key. If I then extract it, will this then give me
an object which I can manipulate to extract the private key value (the raw
bytes)? Or can this wrapped key only be extracted to be be then installed
another token (actual values are still inaccessible)?