John wrote:
Thanks for reply.
later on i did try pk12util and certutil before you gave this mail. First I
used keytool to export the a specific alisa in keystore in storetype pkcs12.
Then I used both pk12util and certutil for import this pkcs12 file. In case
of certutil, it successfully import the cert, but when signing, there is
error message says: cannot find private key. In case pk12util, import fails.
What's the right way? When use java keytool exports pkcs12 file, does it
contains private key. Some source says difference.
Anyone can help clear my mind? thanks.
certutil is incapable of importing pkcs12 files.
If you imported a file with certutil, that file was NOT a pkcs12 file.
It was probably a plain certificate.
You must import the private key. signatures are made with private keys.
They are verified with certs. Until you succesfully import your
private key into key3.db with pk12util, you will not be able to sign
with signtool.
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
