Oh, well, I understood that Dave used his Mozilla browser only to
navigate to the CA website and click the "Buy Now" button, not to
generate his own private key and CSR.

Can Firefox generate private keys?  I thought that none of the NSS
functionality (except for signing and verifying text) was exported to
the rest of the Mozilla platform through XPCOM.  I learnt that from
another posting in this mailing list, I believe.

> I didn't read anything that suggested that he didn't generate his own
> private keys.

Yes, I might have been wrong here.  But, the point was that the key was
generated outside his TPM (which is the same as what you are saying).
I was trying to go down to the basics and figure out how exactly Dave's
private key got associated with his TPM and why possibly the key
wouldn't be available through PKCS#11.

I think that by now we agree that the key was generated externally (by
Dave or his CA), then Dave got his certificate and imported it to the
ProtectTools utility, which had the TPM generate a wrapping key and
encrypt Dave's key with it.  ProtectTools then stored the encrypted key
on the hard disk.

Yes, I agree that if everything works fine, these details should be
hidden by the PKCS#11 API.

Regards,
Peter

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
