MozillaWiki

NSS:RecentIRCQuestions

IRC channel #nss on server irc.mozilla.org

You might have recently asked a question on the channel, but you left the channel prior to receiving an answer? You can't be bothered to write a question to the newsgroup mozilla.dev.tech.crypto (although you really should)?

We might answer your question on this page, so check back (newest appear on top).

I'm trying to figure out the way in which private keys are stored in key3.db for <keygen> tag generation. I've tried certutil but cant seem to get it to locate the objects. I know they're being created in key3 as I can see the file being modified at <keygen> creation ... anyone know how to read the list of stored private keys?

This command will list all private keys. 

 certutil -d <database-directory> -K

Use the following command to get a list of all options: 

 certutil -H

However, I'm not aware of a command to export raw private keys. Once you obtain a certificate for your key pair, find the name of your cert with: 

 certutil -d <database-directory> -L

and then you will be able to export it using 

 pk12util -d <database-directory> -o <export-filename.p12> -n <name-of-cert>

kaie

Retrieved from "https://wiki.allizom.org/index.php?title=NSS:RecentIRCQuestions&oldid=300357"