Hello all,

I have a keys database file (key3.db) and need to export a private key from it, but can not do this. Some information about the database

certutil.exe -U -d .

gives following output

    slot: NSS User Private Key and Certificate Services
   token: NSS Certificate DB

    slot: NSS Internal Cryptographic Services
   token: NSS Generic Crypto Services

certutil.exe -L -d .

gives empty output (empty line) and

certutil.exe -K -d .

gives following output

<0> AAA-update-key
<1> BBB-update-key
<2> CCC-update-key

In other words I have a database with private keys but without certificates (the database was created by McCoy tool). To export key I tried to use pk12util. In the command line I have to specify certificate name (-n option), but I don't have any. I tried following commands:

pk12util -o keys.p12 -n "" -d .  # use empty certificate name
pk12util -o keys.p12 -n "0" -d .  # use keyID instead of certificate name
pk12util -o keys.p12 -n "<0>" -d . # use keyID in angle brackets instead of certificate name

but always got the same error message

find user certs from nickname failed: security library: bad database.

So the question is: is there any way to export private keys from such database (probably smbd had similar problem with McCoy)?

Thank you in advance.

Best regards,
dev-tech-crypto mailing list

Reply via email to