If implementing the above function is a problem with the new NSS, I would recommend a new function exported in the nss3.dll named PK11_ImportDERCertForKeyToSlot with the same parameters as the current PK11_ImportCertForKeytoSlot, except replacing the cert parm with the SECItem DERCert parm and adding one more for the creating the trust, such as "u,u,u".
This would allow those that have a need to create a "dummy certificate" to associate with a public/private key to be able to create a signed DER certificate and allow it to be associated with the public/private keys generated on a hardware token and or the internal token. From what I can tell, there a several internal NSS utilities and examples that need this type of function, as well as those of us who desire to add SSH public/private key support within NSS. Ken
