On Tue, Jul 14, 2009, tito wrote: > Hi all , > > I have used SPKAC format to request a digital certificate from mozilla and > signed the request with my master key from open ssl and imported it to my > mozilla. I can readily export (backup)the private key + certificate from > mozilla and import it to some other system's mozilla browser.I dont want > this to happen.I dont want the private key to be exported. is there any > option in openssl to disable this. > >
This isn't anything to do with OpenSSL. The key is generated on the client. Windows CryptoAPI (as used by MSIE et al) provides an option to make the private key unexportable but Mozilla AFAIK doesn't. The concept of "unexportable" without a HSM is rather doubtful anyway and is more security by obscurity: if you know how the key is stored you can extract it anyway. With CryptoAPI you don't even need to do that... Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
