<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
The only test that *exports* private keys is the keys generation test
(testKeys.sh). <br>
I wouldn't mind if this test would be excluded from the test suite all
together<br>
because it is useless anyway. I would be really surprised if NSS has no
way <br>
to import private key in the keys db. At the end, there should be a way
to *put* keys<br>
in key db, shoudn't it? IMHO, the best way is to do read XML file with
keys in keys db<br>
and use keys manager based on keys db.<br>
<br>
Aleksey<br>
<br>
Tejkumar Arora wrote:<br>
<blockquote type="cite" cite="mid3EDD4278.8010806@netscape.com">
<pre wrap="">Hi Aleksey,
The xmlsec test harness uses private keys in the clear in an xml
file, in the form of key components.
NSS has no support for importing/exporting private keys in the clear,
which makes it impossible to use the full test harness without changes.
(see <a class="moz-txt-link-freetext" href="http://bugzilla.mozilla.org/show_bug.cgi?id=207033">http://bugzilla.mozilla.org/show_bug.cgi?id=207033</a> for more info).
Alternatives to cleartext pvt key components in a file are:
- pkcs12 format
- encryptedPrivateKeyInfo format (PKCS8 spec, I haven't looked
at the details of this yet, and I don't know for sure if
other crypto engines have API for this).
- generate, use and discard the private key in a single test instead
of storing the private key in a file and then using it in
multiple tests.
What are your thoughts?.
thanks,
-Tej
_______________________________________________
xmlsec mailing list
<a class="moz-txt-link-abbreviated" href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a>
<a class="moz-txt-link-freetext" href="http://www.aleksey.com/mailman/listinfo/xmlsec">http://www.aleksey.com/mailman/listinfo/xmlsec</a>
</pre>
</blockquote>
</body>
</html>