Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

JSS: How to recover only certificates wich have an associated private key.

14 views
Skip to first unread message

j.fabre

unread,
Feb 27, 2007, 3:03:30 PM2/27/07
to dev-tec...@lists.mozilla.org
Hi all,

I惴 developing an applet with JSS 4, my intentions are to access
Firefox愀 certs repositories and recover the user certificates, and
among them, only show to the user the certificates which have a private
key associated with. This is done, in order to user can select only
certificates which he/she can sign some code.

I惴 in trouble to achieve this, because I use the method
"getCertificates()" of CertStore class, that, following JSS javadoc,
recovers user certificates, which have a private key associated. But
when I call getCertificates, it gives me all the certificates which are
stored in a security device called: Software Security Device, unaware if
they are user, with a private key associated or not, or root CA
certificates... :-(
Another problem that i found is that I don愒 know how to associate a
certificate with its corresponding private key, since I recover both
collections separately (using getCertificates, and getPrivateKeys), and
if I have, for example, this result from these operations, respectively:
getCertificates() -->Cert A. Cert B. Cert C.
getPrivateKeys() --> PrivKey X.
澦ow I can know if privkey X corresponds to Cert A, B or C without doing
any cryptograhic operations between keys and certs signatures?

I惴 thinking about what I惴 missing or doing wrong, and what can I do to
recover the real user certificates from Firefox certs store and retrieve
their associated private keys.

Any help will be appreciated.
Thanks a lot for your time!!

Dennis Sinelnikov

unread,
Mar 1, 2007, 9:56:19 AM3/1/07
to
CryptoManager's findPrivKeyByCert(X509Certificate cert) might do the trick.


hth,
Dennis

j.fabre

unread,
Mar 2, 2007, 3:39:48 AM3/2/07
to Dennis Sinelnikov, dev-tec...@lists.mozilla.org
Yes!!
I didn´t see this method, since I looked for it in PrivateKey and
X509Certificate classes.

Thanks a lot.
Jesús el tuty.

Dennis Sinelnikov wrote:
> CryptoManager's findPrivKeyByCert(X509Certificate cert) might do the
> trick.
>
>
> hth,
> Dennis
>
> j.fabre wrote:
>> Hi all,
>>

>> I´m developing an applet with JSS 4, my intentions are to access
>> Firefox´s certs repositories and recover the user certificates, and

>> among them, only show to the user the certificates which have a
>> private key associated with. This is done, in order to user can
>> select only certificates which he/she can sign some code.
>>

>> I´m in trouble to achieve this, because I use the method

>> "getCertificates()" of CertStore class, that, following JSS javadoc,
>> recovers user certificates, which have a private key associated. But
>> when I call getCertificates, it gives me all the certificates which
>> are stored in a security device called: Software Security Device,
>> unaware if they are user, with a private key associated or not, or
>> root CA certificates... :-(

>> Another problem that i found is that I don´t know how to associate a

>> certificate with its corresponding private key, since I recover both
>> collections separately (using getCertificates, and getPrivateKeys),
>> and if I have, for example, this result from these operations,
>> respectively:
>> getCertificates() -->Cert A. Cert B. Cert C.
>> getPrivateKeys() --> PrivKey X.

>> żHow I can know if privkey X corresponds to Cert A, B or C without

>> doing any cryptograhic operations between keys and certs signatures?
>>

>> I´m thinking about what I´m missing or doing wrong, and what can I do

>> to recover the real user certificates from Firefox certs store and
>> retrieve their associated private keys.
>>
>> Any help will be appreciated.
>> Thanks a lot for your time!!
>>

> _______________________________________________
> dev-tech-crypto mailing list
> dev-tec...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>

Jaime Hablutzel Egoavil

unread,
Apr 10, 2013, 12:06:31 PM4/10/13
to Dennis Sinelnikov, dev-tec...@lists.mozilla.org
Take into account that this method (at least in jss3) won't return null on the absence of a private key for a given certificate but it will throw an exception, so you have to handle exceptions as program logic, something like

...
List certificatesWithMatchingPrivKey = ...;
try {
cryptoManager.findPrivKeyByCert(certificate)
certificatesWithMatchingPrivKey.add(certificate);
} catch (ObjectNotFoundException e) {
// no priv key
> >> ¿How I can know if privkey X corresponds to Cert A, B or C without

Jaime Hablutzel Egoavil

unread,
Apr 10, 2013, 12:06:31 PM4/10/13
to mozilla.dev...@googlegroups.com, Dennis Sinelnikov, dev-tec...@lists.mozilla.org
Take into account that this method (at least in jss3) won't return null on the absence of a private key for a given certificate but it will throw an exception, so you have to handle exceptions as program logic, something like

...
List certificatesWithMatchingPrivKey = ...;
try {
cryptoManager.findPrivKeyByCert(certificate)
certificatesWithMatchingPrivKey.add(certificate);
} catch (ObjectNotFoundException e) {
// no priv key
}

On Friday, March 2, 2007 3:39:48 AM UTC-5, j.fabre wrote:
> >> ¿How I can know if privkey X corresponds to Cert A, B or C without
0 new messages