Prasad wrote:
Hello all, Can we convert the CRMF requests to PKCS10 requests on the server...
sort of. all except the signature.
while going through the sources of nss command utility 'crmfcgi' I realized that the CERT_CertificateRequest structure is a PKCS10 structure,
A DECODED PKCS10 structure, Yes.
and does that mean that the function 'initOldCertReq' in crmfcgi.c creates
a PKCS10 request from the CRMF request?
Not exactly. Both CRMF requests and PKCS10 cert requests have components in common, such as the "subject public key info" and the "subject name".
The for loop at http://lxr.mozilla.org/mozilla/source/security/nss/cmd/crmf-cgi/crmfcgi.c#945
extracts those common components from a CRMF cert request, and creates a
structure that represents a DECODED PKCS10 structure from it, then passes
that DECODED structure to a function that creates a cert based on a DECODED
PKCS10 structure.
But that's not quite the same thing as creating a PKCS10 request from a CRMF request. In particular, the part you can't do is create the signature in the PKCS10 request from teh signature in the CRMF request.
dunno if this solves your problem or not.
> If not, is there anyway to create a PKCS10 from CRMF?
thanks, Prasad.
-- Nelson B 12345678901234567890123456789012345678901234567890123456789012345678901234567890 00000000011111111112222222222333333333344444444445555555555666666666677777777778 _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
