[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mozilla-crypto
Subject:    Re: Adding certificates to cert7.db (cert8.db)
From:       Martin Clausen <c971713 () student ! dtu ! dk>
Date:       2003-06-29 17:41:18
[Download RAW message or body]

Wan-Teh Chang wrote:
> Martin Clausen wrote:
> 
>  > If one adds certificates to cert7.db using a third party tool (i.e. not
>  > NSS) will NSS > 3.7 be able to use those certificates?
>  >
>  > Does NSS > 3.7 synchronize the cert7.db and the cert8.db databases?
> 
> By the way, it should be NSS >= 3.7.  cert8.db was introduced in NSS
> 3.7.
> 
> If cert8.db exists, NSS >= 3.7 uses it.
> 
> If cert8.db does not exist but cert7.db exists, NSS >= 3.7 creates
> cert8.db from the data in cert7.db and then uses cert8.db.
> 
> So NSS >= 3.7 only uses cert7.db in a readonly way and only uses
> it *once* to create cert8.db, if cert8.db doesn't exist.

OK, that clarifies things.

What is the best way to import certificates and private keys into the 
databases using JSS? A combination of CryptoManager.importCertPackage() 
and CryptoStore.importPrivateKey()? The KeyStore interface is described 
as being broken 
(http://www.mozilla.org/projects/security/pki/jss/provider_notes.html)?

-- Martin


[prev in list] [next in list] [prev in thread] [next in thread]