Alex Wight wrote:In dual-key implementations, where the encryption key pair is escrowed at the CA, it is necessary to download the encryption keys upon initial registration and also upon any subsequent key recovery operations.
NSS supports CRMF and CMMF, which in turn support encryption key escrow at cert request time,. I think mozilla supports it, but not sure.
It does when you use crypto.generateCRMFRequest
This api is documented in the now hard to find cmcjavascriptapi.html (used to be in the now gone iplanet doc).
One the still possible way to obtain it, is to get somewhere a copy of a mozilla-psm-0.8.1 rpm, to explode it, and the file is inside.
As this is implemented by the browser, the doc should be owned by mozilla.org, but unfortunately the only copy seems to be with CMS instead.
I hope RedHat make public their version of CMS and the associated doc soon. _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
