"Konstantin Andreev" <andr...@swemel.ru> wrote in message
news:qvgdnspmvaho3hvrnz2dnuvz_jsdn...@mozilla.org...
> On 08/28/10 02:36, Michael Smith wrote:
>> Rather than the normal case of a client certificate belonging to the
>> user, and just added to the certificate store, we want to have a
>> certificate that nominally belongs to the application, and is secret from
>> the user (strange, but that's what I'm stuck with).
>>
>> The specific requirements are that we not store it unencrypted in the
>> filesystem - and simply setting a password on the key db isn't an option,
>> as that would interfere with the _user's_ use of the key db for any of
>> their certificates, and that it must not be available in the UI (so we
>> want to somehow hide it from the 'View Certificates' UI - or at least not
>> be exportable from there).
>
> Hello, Michael.
>
> Would this work?
>
> 1) hardcode the cert. and the priv. key into your app. binary (maybe
> hidden/masked/...)
> 2) at run time, import them into NSS softoken as ephemeral (session)
> objects.

Maybe that is what his client wants, but if they revoke the certificate or
want to change the key, the binary becomes useless and must be updated. I
guess they want to create job security for programmers.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto