When you wrap a private key, you supply the symmetric key used to wrap it. The key can come from anywhere. You could simply generate it from random bits, but, yes, it is common to use a key derived from a password. Check out http://lxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java#139 for an example of this in JSS. You can see the NSS calls in http://lxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c#274
- Re: PK11_GenerateKeyPair Robert Relyea
- PK11_GenerateKeyPair Patrick
- Re: PK11_GenerateKeyPair Jamie Nicolson
- Re: PK11_GenerateKeyPair Patrick
- Re: PK11_GenerateKeyPair Jamie Nicolson
- Re: PK11_GenerateKeyPair Patrick
- Jamie Nicolson
