[xmlsec] xmlsec tests use private keys in the clear

Tejkumar Arora tej@netscape.com
Tue, 3 Jun 2003 17:51:04 -0700


Hi Aleksey,

The xmlsec test harness uses private keys in the clear in an xml
file, in  the form of key components.

NSS has no support for importing/exporting private keys in the clear,
which makes it impossible to use the full test harness without changes.
(see http://bugzilla.mozilla.org/show_bug.cgi?id=207033 for more info).

Alternatives to cleartext pvt key components in a file are:
    - pkcs12 format
    - encryptedPrivateKeyInfo format  (PKCS8 spec, I haven't looked
      at the details of this yet, and I don't know for sure if
      other crypto engines have API for this).
    - generate, use and discard the private key in a single test instead
      of storing the private key in a file and then using it in
      multiple tests.

What are your thoughts?.

thanks,
-Tej