hi, On Jan 26, 2012, at 6:28 PM, Robert Relyea wrote:
> On 01/26/2012 05:08 AM, weizhong qiang wrote: >> hi, >> Is there a fact that nss does not permit the reading of the attribute >> CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.? >> Because with all of the eight attributes, it is possible to compose the >> content of the private key, but the outputting of private key is not allowed >> in nss? >> >> Thanks and Best Regards, >> Weizhong Qiang > These are private attributes. You are correct, applications aren't allowed to > get them. It's bad security hygene to access private cryptographic components > in the application itself, thought it's almost the first thing new crypto > programmers try to do. > > My real question here is Why do you want to get the CKA_PRIVATE_EXPONENT? I need to get CKA_PRIVATE_EXPONENT and some other private attributes, in order to compute the private key, so as to output this private key without encryption. I just knew that nss itself does not support the outputting of private key without encryption. The outputting of private key that nss support is only the pk12 that requires encryption of private key. I reason I want to do this is that I use the certificate in nss softoken to sign a proxy certificate (rfc 3820), and then I need to output the private key (generate by nss) that is relevant to this proxy certificate. Best Regards, Weizhong Qiang > > bob > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
