On Wed, 17 Dec 2003 14:40:11 +0000, Thomas Pornin wrote:
> According to Sylvain Cuaz <[EMAIL PROTECTED]>:
>> So that is Mozilla that generates a key pair and Thawte never sees my
>> private key?
>
> Yes. Mozilla (actually its "NSS internal PKCS#11 module") generates the
> key pair, and sends to Thawte the "certificate request", which contains
> the public key and your "identification" (mostly your email address).
> Thawte then performs some procedure to make sure that it is indeed your
> certificate request (Thawte sends you an email). Then Thawte produces
> your certificate (which contains your identification, your public key
> and the Thawte signature) and sends it back to you. Mozilla then stores
> that certificate with the private key.
>
> External security devices (e.g., smartcards) can be plugged in Mozilla
> as add-on PKCS#11 modules; in that situation, the key pair is generated
> on the device, and the private key never gets out of the device.

thanks a lot, that was exactly what I was looking for :-)

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
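
The flow described in the quoted answer can be checked locally. The following is an added example, not part of the original thread and not Mozilla or Thawte code: it assumes the `openssl` command-line tool and uses a PKCS#10 request as a stand-in for the browser's "certificate request"; the file names, the helper function names and the address `user@example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): PKCS#10 via openssl stands in for the browser's request.

# make_request DIR EMAIL: generate the key pair locally and build the request.
make_request() {
    ( umask 077   # private key file readable by its owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/client.key" -out "$1/client.csr" \
          -subj "/CN=Example User/emailAddress=$2" 2>/dev/null )
}

# True if the request file carries any private-key PEM block (it must not).
request_has_private_key() { grep -q 'PRIVATE KEY' "$1"; }

# Identification the CA will see in the request.
request_subject() { openssl req -in "$1" -noout -subject; }

# True if the public key inside the request is the one belonging to KEY.
request_matches_key() {
    a=$(openssl req -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    b=$(openssl pkey -in "$2" -pubout -outform DER | openssl dgst -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# True if the request's self-signature verifies (the requester holds the private key).
request_self_signed() { openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; }

# Demo run: only client.csr would ever be sent to the CA; client.key stays local.
demo_dir=$(mktemp -d)
make_request "$demo_dir" "user@example.test"
request_subject "$demo_dir/client.csr"
request_has_private_key "$demo_dir/client.csr" || echo "request: no private key inside"
request_matches_key "$demo_dir/client.csr" "$demo_dir/client.key" && echo "request: public key matches local private key"
request_self_signed "$demo_dir/client.csr" && echo "request: self-signature OK"
rm -rf "$demo_dir"
```
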
