Nelson B. Bolyard wrote:
> A few comments:
>
> First, to do the encryption (at least with S/MIME) you need more than the
> public key, you need the entire public key certificate chain.

There is also additional information that S/MIME stores that is 'needed'
to do encryption: the S/MIME profile. This profile is included in all
S/MIME messages. There are rules for generating an S/MIME profile if you
don't have one, based on the user's public key (is the modulus 512 bits
or less? Then assume the profile is RC2-40 only. Is the modulus greater
than 512 bits? Then assume the profile is Triple-DES and RC2-40).

One of the formats Dan is referring to is an empty signed S/MIME message
which includes the whole certificate chain and the S/MIME profile. The
other format is the generic "Here's the user certificate", which any
application should be able to grab.

Communicator will read from either of these, but prefer the S/MIME
version for retrieving an S/MIME message.

bob

>
> There's a certificate database (cert*.db) that contains public key certs,
> including trusted CA certs; and there's an encrypted private key DB (key*.db).
>