Ron Lin wrote: > > I'm trying to complete a certificate generation utility that works with > Netscape's <keygen> tag... NS generates a SPKAC (signed public key and > challenge), while the NSS certificate libraries have fucntions that accept > public keys as input parameters... how can i generate a cert for NS under > these circumstances? > > (1) can i extract the public key from the SPKAC programmatically using > something from NSS? > > (2) anyone familiar with any other utility to extract the public key from an > NS SPKAC?
NSS sources include a play test CA program that generates certs from the SPKAC. You can read the sources at http://lxr.mozilla.org/mozilla/source/security/nss/cmd/certcgi/certcgi.c#526 At the URL cited above, you'll see a call to SECKEY_ConvertAndDecodePublicKeyAndChallenge() and also to CERT_CreateCertificateRequest(). The code then builds the cert from the request. Looks to me like SECKEY_ConvertAndDecodePublicKeyAndChallenge() is not publicly exported from nss3.dll, but now might be a good time to request that feature for NSS 3.4. > i'm using the java implementation of NSS to build the cert tool, so anything > in java would be very much preferred... Sorry, certcgi.c is all c code. > thanks, > Ron -- Nelson Bolyard Netscape Communications (subsidiary of AOL) Disclaimer: I speak for myself, not for Netscape
