On Sep 7, 6:55 am, Konstantin Andreev <andr...@swemel.ru> wrote:
> On 08/28/10 02:36, Michael Smith wrote:
>
> > Rather than the normal case of a client certificate belonging to the user, 
> > and just added to the certificate store, we want to have a certificate that 
> > nominally belongs to the application, and is secret from the user (strange, 
> > but that's what I'm stuck with).
>
> > The specific requirements are that we not store it unencrypted in the 
> > filesystem - and simply setting a password on the key db isn't an option, 
> > as that would interfere with the _user's_ use of the key db for any of 
> > their certificates, and that it must not be available in the UI (so we want 
> > to somehow hide it from the 'View Certificates' UI - or at least not be 
> > exportable from there).
>
> Hello, Michael.
>
> Would this work?
>
>    1) hardcode the cert. and the priv. key into your app. binary (maybe 
> hidden/masked/...)
>
>    2) at run time, import them into NSS softoken as ephemeral (session) 
> objects.

Konstantin,

That looks like pretty much what I want to do - but I've been unable
to figure out how to do part (2) there. Many of the NSS APIs are not
terribly well documented. Any pointers to sample code or even just to
the relevant functions would be very helpful.

Mike


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
