Well first, you need to initialize NSS with a read/write database.
NSS_NoDB_Init specifically does not open any databases. If you are going
to do persistent cert and key operations, you need to use NSS_Init or
NSS_InitReadWrite (in your case you need the latter).

Next, SECKEY_CreateRSAPrivateKey is used to create ephemeral key pairs;
what you want is PK11_GenerateKeyPair(). This will create a persistent
key pair in your database.

Since the low-level parts of NSS are primarily used to support higher
level functions like SSL and S/MIME, there really isn't a good way to
reference private keys outside of a certificate. The easiest thing to do
is create a certificate using the public key (if you want to make it
self-signed, you can use the private key returned from the generate call
to sign it) and use PK11_ImportCertForKeyToSlot() to load the
certificate. From then on you can look up the key using the certificate
(PK11_FindKeyByAnyCert). A better way would be to create a cert request
and have a CA sign your user cert. You can find examples of all of these
functions in mozilla/security/nss/cmd/certutil.

bob

Terry Matson wrote:
> I'm using the following code to create an RSA key pair. After
> creating the keys, I would like to store them in our application
> database. I will also need to retrieve those keys to sign and verify
> hash values. Can someone point me in the right direction regarding
> storage/retrieval of raw keys.
>
> Thanks,
>
> Terry
>
>
> -----
>
> #include <stdio.h>
> #include <nss.h>
> #include <keyhi.h>
>
> int main()
> {
>     SECKEYPrivateKey *priv_key = NULL;
>     SECKEYPublicKey *pub_key = NULL;
>
>     /* Initializes NSS without opening any cert/key database */
>     NSS_NoDB_Init("/home/thm/KeyTest");
>
>     priv_key = SECKEY_CreateRSAPrivateKey(640, &pub_key, NULL);
>
>     if (priv_key == NULL) {
>         printf("priv_key == NULL\n");
>     }
>
>     /* Need to save public and private keys to a db here */
>
>     NSS_Shutdown();
>
>     return(0);
> }
>