[kmf-discuss] minor pktool usability enhancements
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Apr 24 07:14:25 PDT 2008
Darren J Moffat wrote:
> 1. Need to specify separate outkey + outdir isn't UNIX like a single
> option that takes a full path is needed to help scripting pktool(1).
>
This has come up before and I agree it should be corrected.
> 2. Ability output secret key as hex into a file rather than just display.
>
You can export the secret key in a PKCS12 file today. Some secret keys
must be wrapped and we don't
currently have the interface to export a wrapped key, though it shouldnt
be tooooo difficult to
make that happen.
> 3. If no PKCS#11 or NSS options passed but do have outkey= then assume
> keystore=file.
>
The default keystore is pkcs11 unless explicitly set otherwise. The
keystore in the "export"
operation refers to where the key is coming from. Exporting a key FROM
a "file" keystore
to a "file" is kind of redundant, no?
-Wyllys
More information about the kmf-discuss
mailing list