Yes. I got KeyStore through login() method.
I tested another example.
1. import pfx(pkcs#12) format data (include private key): CertA
2. generate another certificate JSS API
3. import generated certificate with nickname : CertB
4. getCertificateByNickname("CertANickname") is works ok
5. getCertificateByNickname("CertBNickname") is works ok
6. getPrivateKeyByCert(CertA) isn't works
7. getPrivateKeyByCert(CertB) is works ok
The difference between CertA and CertB is that CertA is CACerts and CertB is
Certs.
Keys:
UniqueID: -372271904617143425344109813470305848694280946854
UniqueID: 378529106678756258866150402244775195236504039535
UniqueID: 462887797772732391472542599934421183527115666909
Certs:
Name: yyyy
UniqueID: 378529106678756258866150402244775195236504039535
CA Certs:
Name: xxxx
UniqueID: 462887797772732391472542599934421183527115666909
"Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> findPrivKeyByCert should work. One thing that must happen in order to
> find the key is you must authenticate to the token that holds the key
> and cert. Did you program prompt you for a password at any time? Or did
> you call CryptoToken.login() manually?
>
> UniqueID is deprecated because it is an implementation detail of NSS.
> NSS has this hack builtin to be able to find a key from its certificate.
> The UniqueID is not part of the certificate, it is a separate piece of
> information stored alongside the certificate. In my opinion, this
> function does not need to be performed by NSS. The application should be
> able to remember by its own means which key to use. Unfortunately, there
> is currently no public index or label that can be used to identify a
> key. This will be fixed when we implement the Java KeyStore API.
>
> Myongki Kim wrote:
>
> >hi..
> >
> >first, i don't know whether this problem is real library error. if not,
> >sorry.
> >
> >i wrote java program like this,
> >
> >1. import pfx(pkcs#12) format data (include private key)
> >2. i confirm that data saved in cryptostore( Keys Unique ID is the same
ID
> >as CA Certs ID)
> >
> >Keys:
> >UniqueID: -372271904617143425344109813470305848694280946854
> >UniqueID: 378529106678756258866150402244775195236504039535
> >UniqueID: 462887797772732391472542599934421183527115666909
> >
> >CA Certs:
> >Name: xxxx
> >Issuer: CN=CrossCert SC Class 1 Individual Subscriber CA, OU=Terms of use
at
> >ht
> >ps://www.crosscert.com/RPA (c)99, OU=VeriSign Trust Network, O="KECA,
Inc."
> >UniqueID: 462887797772732391472542599934421183527115666909
> >SSL Trust: 8
> >Email Trust: 8
> >OS Trust: 8
> >
> >3. finally, i call findPrivKeyByCert(x509cert a) function with above
> >certificate but i cannot found private key.
> >
> >what's wrong?
> >
> >if i program without findPrivKeyByCert(), i read cert's uniqueID,read
keys
> >in cryptostore, find keys that cert's UID is the same as private key's
uid.
> >but in jss api document, PrivateKey.getUniqueID() was deprecated.
> >
> >how can i find private key by certs without deprecated method ?
> >
> >
> >
> >
>
>
