Kaspar Brand wrote, On 2008-12-27 03:21: > Michael Ströder wrote: >> I personally don't know whether the current Mozilla implementation of >> crypto.generateCRMFRequest includes the private key of an encryption >> cert. > > Only if you tell it do so, and only if it's a key-exchange-only key. [1] > Additionally, an "Encryption Key Copy" warning dialog will be presented > when key escrow is attempted - try the attached demo. [2]
> [1] https://developer.mozilla.org/en/GenerateCRMFRequest > > [2] Caveat: may leave you (or your cert DB, more precisely) with > a lot of orphan keys, if used generously - i.e. it's probably better > to use it with a separate profile. Kaspar, Thanks for this information and demo. I had been told that this dialog exists, but I had never seen it before your demo. I'd like to see this demo go into a page on a mozilla web site, such as (say) developer.mozilla.org. I also think we need a page or two on developer.mozilla.org that fully documents both the <keygen> tag and the crypto.generateCRMFRequest method. The existing documentation is very incomplete. The <keygen> tag, for example, accepts many more arguments than are now publicly documented. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto