Arshad Noor wrote:
The reason we use the PKCS#8 format is only because, in the multi-step
process of generating a key-pair, creating a CSR and getting a digital
certificate from an internal/external CA, the private-key needs to be
temporarily stored securely until a CA issues the digital certificate.

It's technically feasible (it does not break the format) to create a private key only pkcs#12, but I don't know if the NSS API around pkcs#12 supports it.

dev-tech-crypto mailing list

Reply via email to