Patrick wrote: >OK I can wrap the private key. If I then extract it, will this then give me >an object which I can manipulate to extract the private key value (the raw >bytes)? Or can this wrapped key only be extracted to be be then installed >another token (actual values are still inaccessible)? > In theory, you could decrypt the wrapped key (treating it like encrypted data) and decode the ASN.1 blob (I believe it's an EncryptedPrivateKeyInfo) and pull out the key bytes. You'd have to write this code yourself, as there is no one function to do it for you.
>Also, when you say the functionality is not supported, do you mean in the >official API or not at all in NSS? > I don't think it's supported at all. I don't see any function in pk11func.h or key.h that does this. Dare I ask: why do you need this functionality? Keep in mind that NSS is not an all-purpose crypto toolkit. It generally only supports those operations that the NSS team considers are required to implement responsible applications. An application that plays with key material outside the boundary of the cryptographic service provider is not considered responsible.
