On Fri, 8 Oct 2004, Julien Pierre wrote:

>pk12util will work cert8.db as well, if you use the correct build of it,
>which is dynamically linked to NSS.
>The NSS 3.9 version of pk12util will work fine.

Is there a good way to determine what version or build a compiled binary is from? There doesn't seem to be a version flag and the version does not appear as an ASCII string in all of the tools.

Incidentally, the certutil that Sun is distributing these days claims to be from NSS 3.3.10. Is there such a thing or did they just go off on their own branch?

$ strings /usr/sfw/bin/sparcv9/certutil |head -2
$Header: NSS 3.3.10 Mar 25 2004 01:04:11 $
@(#)NSS 3.3.10 Mar 25 2004 01:04:11

>> symkeyutil is built by default in the
>> nss build, but doesn't seem to be currently working right.
>
>How so ? What type of key were you trying to use with it ?

bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -N -d test
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -G -n test -z /tmp/seed -d test
Enter Password or Pin for "NSS Certificate DB":

Generating key. This may take a few moments...

bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -K -d test
Enter Password or Pin for "NSS Certificate DB":
<0>
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/symkeyutil -L -d test
Enter Password or Pin for "NSS Certificate DB":
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/symkeyutil -E -k key -i 0 -d test
symkeyutil invalid key ID (0).
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/symkeyutil -K -d test
Enter Password or Pin for "NSS Certificate DB":
symkeyutil: Token Key Gen Failed
symkeyutil: security library: received bad data.
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -L -d test
ca cert                                                      c,c,
test1                                                        u,u,u
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -K -d test
Enter Password or Pin for "NSS Certificate DB":
<0>
<1> test1
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -M -d test -n "ca cert" -t CT,C,C
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -L -d test
ca cert                                                      CT,C,C
test1                                                        u,u,u
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/certutil -V -d test -n test1 -u C
certutil: certificate is valid
bash-2.05$ nss-3.9.2/mozilla/dist/SunOS5.9_64_DBG.OBJ/bin/symkeyutil -L -d test
Enter Password or Pin for "NSS Certificate DB":
bash-2.05$

Also, symkeyutil seems to look for libnssckbi.so in the directory specified by -d. I've never heard of such a thing...

>> If I need to move certs and keys from one set of databases to another,
>> how is it done?
>
>Export the cert and keys to PKCS#12 format, using the version of NSS and
>pk12util that support your original database.

Is there a way to examine a database to determine which version of the tools to use with it?

Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342
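Added example, not part of the original message or of NSS: the strings check shown above relies on two embedded tag formats, the SCCS what(1) marker "@(#)" and the RCS "$Header: ... $" keyword. The sketch below pulls both out of a binary and reports the NSS version they name, failing cleanly for tools that carry no such string. The function names (ident_tags, nss_version, make_sample) are hypothetical and the sample bytes are constructed.

```shell
#!/bin/sh
# Added example: identify the NSS build a tool came from via its embedded
# SCCS "@(#)" and RCS "$Header: ... $" tags. Function names are hypothetical.

# ident_tags FILE: print the unique tag payloads found in FILE.
ident_tags() {
    # Turn every non-printable byte into a newline so each embedded
    # string ends up on a line of its own, then keep only tag payloads.
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
    LC_ALL=C sed -n \
        -e 's/.*@(#)\(.*\)$/\1/p' \
        -e 's/.*\$Header: \(.*[^ ]\) *\$.*/\1/p' |
    sort -u
}

# nss_version FILE: print the NSS version named by the tags.
# Returns non-zero when the binary carries no NSS tag at all.
nss_version() {
    v=$(ident_tags "$1" | sed -n 's/^NSS \([0-9][0-9.]*\).*/\1/p' | head -n 1)
    [ -n "$v" ] && printf '%s\n' "$v"
}

# make_sample FILE: write a constructed stand-in for a tagged binary
# (NUL-separated strings, as they would sit in a data section).
make_sample() {
    printf 'ELF\0\001junk\0$Header: NSS 3.3.10 Mar 25 2004 01:04:11 $\0@(#)NSS 3.3.10 Mar 25 2004 01:04:11\0more\0' > "$1"
}

# Demo on the constructed sample; pass real binaries as arguments instead.
if [ "$#" -eq 0 ]; then
    sample=$(mktemp)
    make_sample "$sample"
    echo "constructed sample: NSS $(nss_version "$sample")"
    rm -f "$sample"
else
    for f in "$@"; do
        if ver=$(nss_version "$f"); then
            echo "$f: NSS $ver"
        else
            echo "$f: no NSS ident tag found"
        fi
    done
fi
```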
