On 08/28/10 02:36, Michael Smith wrote:
Rather than the normal case of a client certificate belonging to the user, and
just added to the certificate store, we want to have a certificate that
nominally belongs to the application, and is secret from the user (strange, but
that's what I'm stuck with).
The specific requirements are that we not store it unencrypted in the
filesystem - and simply setting a password on the key db isn't an option, as
that would interfere with the _user's_ use of the key db for any of their
certificates, and that it must not be available in the UI (so we want to
somehow hide it from the 'View Certificates' UI - or at least not be exportable
from there).
Hello, Michael.
Would this work ?
1) hardcode the cert. and the priv. key into your app. binary (maybe
hidden/masked/...)
2) at run time, import them into NSS softoken as ephemeral (session) objects.
Regards,
--
Konstantin.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
