[EMAIL PROTECTED] wrote:
I can't find a direct support. But the are similarities among CRMF and
PKCS10. Both of them are certificate requests.
But very different in the detailed content. There are several advantages
in using generateCRMFRequest() to generate request and it's definitively
the method that has a future. But for compatiblity reasons, you
apparently will need to stay with the keygen tag.
Maybe I can add missing properties or extentions to CRMF request to get
a PKCS10 request. And then go on with openssl ca ...
You can't because the PKCS10 request is signed.
Technically, you could extract the required bit from the CRMF request
(you'd need to define everything that's needed to decode this specific
der format that is unknown to openssl at present thought), and put them
in a PKCS#10 request, but you couldn't sign the PKCS#10.
But if you were to do something that complex, you could just as well
directly add CRMF support in openssl. Which would be nice.
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
