Tom wrote: > > My question is how Netscape 6.2.* handles this kind of stuff. At first sight > Netscape 6.2.1 passes the test: I have imported a self generated client > certificate into Netscape 6.2.1 and use it to visit my test-webserver which > requires both server and client authentication. After that, my > PhysicalMemoryScanner doesn't seem to find the private key. So I would like > to ask you all if special care was taken to avoid that the private key shows > up plain-text in memory ?
Yes. NSS (the crypto libraries used in Netscape 6.2.*) keeps its private keys "wrapped" (encrypted) until actually needed. Wan-Teh
