Erwann ABALEA wrote:
> Probably a limitation of the actual browsers. But you might want to check
> Mozilla 1.0, which seems to be able to save a bunch of private
> key/certificate pairs at once. I haven't tested this functionality, but it
> might be possible that there's only one output file, and that this file is
> in PKCS#12 format.

I will try this, thanks for the reference. I noticed in MSIE that when you export a single "certificate" (out of your "own" certificate set) it allows a PKCS12 export. However, if you shift-click more than one, the PKCS12 option is greyed out.

Also, my app will support multiple keys/certs in a variety of places. For example, the public key cert for user X is in one PKCS12-format file, and the corresponding private key is in a separate PKCS12-format file. Are there any official matching mechanisms?

Currently, a user of my app who wishes to sign something with their private key specifies an "alias" which I map to a friendlyName, then look for their public key cert using that friendlyName, then look for a corresponding private key using the friendlyName. If I can't find a private key with that friendlyName, I use the localKeyID from the public key cert to match. If there is no localKeyID then I error out.

Does that sound like a reasonable matching algorithm? Can localKeyIDs be used to match across different files? Well.. I should rephrase.. Is this common, or acceptable practice?

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
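
Added example (not part of the original message or of OpenSSL): the alias lookup order described in the message above, run over constructed bag records instead of parsed PKCS#12 files. The `Bag` model, `find_signing_pair`, the file names, and the choice to reject ambiguous matches are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Bag:
    # One PKCS#12 bag reduced to the fields used for matching (hypothetical model).
    source: str                    # file the bag was read from
    kind: str                      # "cert" or "key"
    friendly_name: Optional[str]   # friendlyName attribute, if present
    local_key_id: Optional[bytes]  # localKeyID attribute, if present

class MatchError(LookupError):
    """Raised when no unique certificate/key pair can be found."""

def _only(candidates, what):
    # Assumption added here: an ambiguous match is an error, not first-wins.
    if len(candidates) > 1:
        raise MatchError(f"ambiguous {what}: {len(candidates)} candidates")
    return candidates[0] if candidates else None

def find_signing_pair(alias, bags):
    """Return (cert, key, rule) using the lookup order described in the message."""
    certs = [b for b in bags if b.kind == "cert"]
    keys = [b for b in bags if b.kind == "key"]
    cert = _only([c for c in certs if alias and c.friendly_name == alias], "certificate")
    if cert is None:
        raise MatchError(f"no certificate with friendlyName {alias!r}")
    # First choice: a private key carrying the same friendlyName.
    key = _only([k for k in keys if k.friendly_name == alias], "key (friendlyName)")
    if key is not None:
        return cert, key, "friendlyName"
    # Fallback: the certificate's localKeyID; without one, error out.
    if cert.local_key_id is None:
        raise MatchError("no friendlyName match and certificate has no localKeyID")
    key = _only([k for k in keys if k.local_key_id == cert.local_key_id],
                "key (localKeyID)")
    if key is None:
        raise MatchError("no private key with the certificate's localKeyID")
    return cert, key, "localKeyID"

# Constructed sample data: each user's certificate and key sit in separate files.
SAMPLE_BAGS = [
    Bag("userx-cert.p12", "cert", "userx", bytes.fromhex("01a2b3")),
    Bag("userx-key.p12", "key", None, bytes.fromhex("01a2b3")),
    Bag("usery-cert.p12", "cert", "usery", None),
    Bag("usery-key.p12", "key", "usery", None),
    Bag("userz-cert.p12", "cert", "userz", None),
]
```

The returned rule name records which attribute produced the match, so a caller can log when a signing key was selected through the localKeyID fallback.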
