OK I can wrap the private key. If I then extract it, will this then give me an object which I can manipulate to extract the private key value (the raw bytes)? Or can this wrapped key only be extracted to be be then installed another token (actual values are still inaccessible)?
Also, when you say the functionality is not supported, do you mean in the official API or not at all in NSS? -- Patrick "Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I don't think there is any way to do this. I wanted to provide it in JSS > to implement the JCA KeyFactory class, but Bob Relyea said he didn't > want to support this functionality because there is no legitimate reason > for doing it. > > Private keys can be extracted if they are first wrapped with a symmetric > key; this is the usual way of moving a private key from one place to > another. > > Patrick wrote: > > >If I use PK11_GenerateKeyPair with isPerm and isSensitive parameters set to > >FALSE, then I understand that the key is extractable (not tied to a token): > >how does one then extract the actual private key value from the object > >returned, which is of type SECKEYPrivateKey? > > > >-- POC > > > > >
