编写 Firefox 扩展:如何从证书数据库导出私钥?可能的?
我正在编写一个 Firefox 扩展,并正在寻找一种从已安装的证书导出私钥的方法。
这将取代之前保存备份 PKCS12 .p12 文件的过程,然后使用以下命令运行:“openssl pkcs12 -nocert -in backup.p12 -out userkey.pem”
谢谢!
编辑:我现在可以使用 XPCOM API 保存 PKCS12 备份,我可以提取证书,但仍在寻找提取私钥的方法(请参阅上面的 openssl 命令)。这需要跨平台...
I am writing a Firefox extension and am looking for a way to export the private key from an installed certificate.
This would be replacing the previous process of saving a backup PKCS12 .p12 file, then running using: "openssl pkcs12 -nocert -in backup.p12 -out userkey.pem"
Thanks!
EDIT: I can now save a PKCS12 backup using the XPCOM API, I can extract the Certificate, but am still looking for a way to extract the private key (see the openssl command above). This needs to be cross platform...
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果只是避免手动导出私钥,那么您可以使用
pk12util工具,它是 NSS。您可以像这样导出证书:这比从扩展中执行相同的操作要容易得多。据我所知,NSS 明确不允许以 PEM 格式存储未加密的私钥,因此您仍然需要 OpenSSL。
If the point is simply avoiding to export the private key manually then you can use
pk12utiltool which is part of NSS. You can export the certificate like this:That's a lot easier than doing the same thing from an extension. From what I know, NSS explicitly doesn't allow storing the private key unencrypted in the PEM format so you would still need OpenSSL for that.
我已经放弃这样做了。相反,我正在编写一个 python CGI 脚本,并通过 SSL 连接将证书和密钥发送到 Apache 服务器。
I have given up doing this. Instead I'm writing a python CGI script and sending the certificate and keys over an SSL connection to an Apache server.