Alternatively do the key-gen done in the client and have the client (or agent) create the p12 package for the encryption-key, lock it, and export it up to the server (with a password generated by the escrow agent or agents or otherwise encrypted to the escrow agent or agents if you want stronger recovery controls and audit).
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
