Ok thanks. About this wrapped key business: what key is typically used when one wraps a private key when extracted from a token? Is it a key derived from the password (or PIN) used to access the token in the first place?
-- POC

"Jamie Nicolson" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Patrick wrote:
>
> >OK I can wrap the private key. If I then extract it, will this then give me
> >an object which I can manipulate to extract the private key value (the raw
> >bytes)? Or can this wrapped key only be extracted to be then installed
> >another token (actual values are still inaccessible)?
> >
> In theory, you could decrypt the wrapped key (treating it like encrypted
> data) and decode the ASN.1 blob (I believe it's an
> EncryptedPrivateKeyInfo) and pull out the key bytes. You'd have to write
> this code yourself, as there is no one function to do it for you.
>
> >Also, when you say the functionality is not supported, do you mean in the
> >official API or not at all in NSS?
> >
> I don't think it's supported at all. I don't see any function in
> pk11func.h or key.h that does this.
>
> Dare I ask: why do you need this functionality? Keep in mind that NSS is
> not an all-purpose crypto toolkit. It generally only supports those
> operations that the NSS team considers are required to implement
> responsible applications. An application that plays with key material
> outside the boundary of the cryptographic service provider is not
> considered responsible.
>
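An added example, not part of the thread and not NSS code: if the wrapped blob really is a PKCS#8 EncryptedPrivateKeyInfo, as the quoted reply guesses, its outer AlgorithmIdentifier names the scheme that protects the key, which is where the question of which wrapping key was used gets answered. The function names are hypothetical and the sample blob is constructed; nothing is decrypted.

```python
# Reads only the outer layer of an EncryptedPrivateKeyInfo (RFC 5958):
#   SEQUENCE { AlgorithmIdentifier, OCTET STRING encryptedData }

def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long-form length, up to 4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes into dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for b in body:                         # base-128, high bit = continue
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def inspect_epki(der):
    """Return (encryption algorithm OID, ciphertext bytes)."""
    tag, outer, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one outer SEQUENCE")
    tag, alg, pos = read_tlv(outer)
    if tag != 0x30:
        raise ValueError("expected AlgorithmIdentifier")
    tag, oid, _ = read_tlv(alg)
    if tag != 0x06:
        raise ValueError("expected algorithm OID")
    tag, ciphertext, pos = read_tlv(outer, pos)
    if tag != 0x04 or pos != len(outer):
        raise ValueError("expected encryptedData OCTET STRING")
    return decode_oid(oid), ciphertext

# Constructed sample: PBES2 OID, empty placeholder parameters, 16 filler bytes.
SAMPLE = bytes.fromhex("3021300d06092a864886f70d01050d30000410" + "ab" * 16)
```

An OID of 1.2.840.113549.1.5.13 (PBES2) means the key-encryption key is derived from a password; any other OID points to a different wrapping scheme.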
