Ok thanks, will try to switch over to using PK11_ImportEncryptedPrivateKeyInfo() or PK11_ImportDERPrivateKeyInfo(). Do commercial NSS apps also use PK11_ImportDERPrivateKeyInfo()?
-- POC "Robert Relyea" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Not off the top of my head. > The function is not commonly use. Most commercial NSS applications use > PK11_ImportEncryptedPrivateKeyInfo() to import keys, so the level of > support on the other ImportPrivateKeyInfo functions is pretty low. > > bob > > Patrick wrote: > > The PK11_ImportPrivateKeyInfo sometimes fails with: "an I/O error occurred > > during security authorization". This happens when I import a key, then > > delete it, and then import again, all this in the same session. Any idea > > why? > > > > -- POC > > > > > > "Robert Relyea" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED]... > > > >>There are several functions exported by the nss3.dll, including > >>PK11_ImportDERPrivateKeyInfo. The reason none of them are on exported > >>list is simply because I haven't had time to really vet any of those > >>functions for their suitability for general use. > >> > >>In some sense, since we didn't rename the function to __PK11_xxxx, there > >>is some tacit support for the function, and now that the 3.4 change is > >>made, those functions are likely to be more stable. > >> > >>The caveat is the non-encrypted versions of PK11_ImportXXXPrivateKeyInfo > >>are not guarrenteed to always work. FIPs tokens do not allow direct > >>import of private keys (they need to be wrapped). This case is > >>relatively rare, and as long as you know about it, then using the > >>function should be fine. > >> > >>bob > >> > >>Patrick wrote: > >> > >>>Hello, > >>> > >>>There seems to be no function for importing a private key function in > >> > > the > > > >>>new public API. Why isn't a function like PK11_ImportDERPrivateKeyInfo > >> > > not > > > >>>exported in the API? > >>> > >>>-- POC > >>> > >>> > >> > > > > >
