Kyle Hamilton wrote, On 2009-04-23 14:02:
> Is there a pk1util that would allow for PKCS#1 management?  I think
> that would be more useful than requiring a self-signed public key
> wrapper for pk12util.

Private key storage is not within the scope of PKCS#1.
It is covered by PKCS#8.  NSS supports PKCS#8 fully, but deliberately
refuses to allow "bare" private keys to be exported in PKCS#8 format.

This is not a new policy decision, and goes back over 10 years.  MUCH
has been written on that.  I encourage you to read through the archives
about it.

The NSS team participated in the process of defining PKCS#12 precisely
to avoid the security trap of exporting private keys in PKCS#8 format.
Avoiding that trap is precisely why PKCS#12, and not PKCS#8, is THE only
format for private key transport supported by all of NSS, Microsoft and OpenSSL.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
