In the newsgroup netscape.public.mozilla.crypto, Uriel Ginsburg wrote:
>
> Suppose I have raw, DER-encoded RSA key pairs,
> How would I go about importing those into NSS, if it is at all possible?
>
> My problem, basically, is migrating from another security library to NSS,
> while all the information I have is the raw key data. Eventually, I want to
> take raw, 2048 RSA key pairs and generate certificates out of them with NSS.
> If anyone could give me just references to names of functions, I would be
> very thankful. (Writing this after having plowed immensely through the
> undocumented code).
>
> Thanks in advance,
> Uriel Ginsburg
>
> [EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED]

I think the steps you need to go through for each key pair are roughly these:

1. import the raw RSA private key (which includes the public key info)
   into the NSS internal "DB" PKCS#11 token.
2. Find a CA that will issue a cert (preferred), or alternatively set up
   your own CA (okay for testing or in-house use only).
3. generate a cert signing request (CSR) for the chosen CA. There are
   multiple formats and protocols by which this can be done, depending
   on the chosen CA.
4. send the CSR to the CA and get the cert back.
5. import the cert into the same internal DB PKCS#11 token.

If your DER-encoded private key is a "PrivateKeyInfo", then the function
you want to import it is PK11_ImportPrivateKeyInfo().

Please post any followup messages in the newsgroup. Thanks.

--
Nelson Bolyard               Netscape Communications (subsidiary of AOL)
Disclaimer: I speak for myself, not for Netscape
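
The reply's advice hinges on whether the DER blob is a PKCS#8 "PrivateKeyInfo" or a bare PKCS#1 RSAPrivateKey. The following is an added example, not part of the original post and not NSS code: a small stand-alone classifier that inspects the DER structure to tell the two apart before calling PK11_ImportPrivateKeyInfo(). The names `der_hdr`, `classify_rsa_der` and the sample byte arrays are hypothetical, and the samples are constructed toy encodings, not real keys.

```c
#include <stdio.h>
#include <string.h>
enum der_kind { DER_INVALID, DER_PKCS1_RSA, DER_PKCS8_RSA, DER_PKCS8_OTHER };

/* Constructed, truncated toy encodings (not real keys): just enough to classify. */
const unsigned char sample_pkcs1[] = { 0x30,0x07, 0x02,0x01,0x00, 0x02,0x02,0x00,0xc7 };
const unsigned char sample_pkcs8[] = { 0x30,0x14, 0x02,0x01,0x00, 0x30,0x0d, 0x06,0x09,
    0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01, 0x05,0x00, 0x04,0x00 };
/* Read one DER tag/length header at *p; on success *p points at the value bytes. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned char *tag, size_t *len)
{
    size_t l, n;
    if (end - *p < 2) return 0;
    *tag = *(*p)++;
    l = *(*p)++;
    if (l & 0x80) {                       /* long form: low 7 bits count the length bytes */
        n = l & 0x7f;
        if (n == 0 || n > sizeof(size_t) || (size_t)(end - *p) < n) return 0;
        for (l = 0; n > 0; n--) l = (l << 8) | *(*p)++;
    }
    if (l > (size_t)(end - *p)) return 0; /* value must fit in what is left */
    *len = l;
    return 1;
}

enum der_kind classify_rsa_der(const unsigned char *buf, size_t n)
{
    static const unsigned char rsa_oid[] = { 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01 };
    const unsigned char *p = buf, *end = buf + n;
    unsigned char tag;
    size_t len;
    if (!der_hdr(&p, end, &tag, &len) || tag != 0x30) return DER_INVALID;
    end = p + len;                        /* stay inside the outer SEQUENCE */
    if (!der_hdr(&p, end, &tag, &len) || tag != 0x02) return DER_INVALID;
    p += len;                             /* skip the version INTEGER */
    if (!der_hdr(&p, end, &tag, &len)) return DER_INVALID;
    /* PKCS#1 continues with the modulus INTEGER; PKCS#8 with an AlgorithmIdentifier. */
    if (tag != 0x30) return tag == 0x02 ? DER_PKCS1_RSA : DER_INVALID;
    end = p + len;
    if (!der_hdr(&p, end, &tag, &len) || tag != 0x06) return DER_INVALID;
    /* rsa_oid is the content of OID 1.2.840.113549.1.1.1 (rsaEncryption). */
    return (len == sizeof rsa_oid && !memcmp(p, rsa_oid, len)) ? DER_PKCS8_RSA : DER_PKCS8_OTHER;
}

int main(void)
{
    printf("pkcs1 sample: %d\n", classify_rsa_der(sample_pkcs1, sizeof sample_pkcs1));
    printf("pkcs8 sample: %d\n", classify_rsa_der(sample_pkcs8, sizeof sample_pkcs8));
    return 0;
}
```

The classifier only looks at the first few fields; it does not validate the key material itself.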
