I'm afraid PKCS#8 *does* allow for protecting private-keys with
passwords, but you have to explicitly choose the ASN type when
creating the file.  Details can be found at:

While NSS itself has no use for the PKCS#8 format (since it stores
private-keys in the key3.db file, which is already protected with
a password), our open-source CSRTool uses the EncryptedPrivateKeyInfo
ASN type to protect the RSA/ECDSA keys in the PKCS#8 file.

The reason we use the PKCS#8 format is only because, in the multi-step
process of generating a key-pair, creating a CSR and getting a digital
certificate from an internal/external CA, the private-key needs to be temporarily stored securely until a CA issues the digital certificate.
At that time, the cert is combined with the keys to create a PKCS#12
file.  We chose PKCS#8 since it was a simpler Java exercise for us.

It's possible that NSS chose to not support the export of the keys
in PKCS#8 format for other reasons, but I don't believe it would be
because it poses a security risk - the PKCS12 file is subject to the
same risks as PKCS8 since it has the same level of protection: PBE
using a 3DES key.

For the person who's trying to export the key:

It is possible to write a little Java (or C if you prefer it) program
to read the NSS keystore, extract the key-pairs (assuming they are
legible and not corrupt in any way) and export them as PKCS#8 files.
If you go with Java, then much of the sample code can be derived from
a combination of specific modules of our open-source tools - StrongKey
(which has code that uses the NSS keystore) and CSRTool (which has the
P8/P12-related sources).  Both tools are available at
and a forum exists there for support on both tools.  Good luck.

Arshad Noor
StrongAuth, Inc.

Nelson Bolyard wrote:

The NSS team participated in the process of defining PKCS#12 precisely
to avoid the security trap of exporting private keys in PKCS#8 format.
Avoiding that trap is precisely why PKCS#12, and not PKCS#8, is THE only
format for private key transport supported by all of NSS, Microsoft and OpenSSL.
dev-tech-crypto mailing list

Reply via email to