[Swan-dev] nss vs newhostkey / showhostkey

Andrew Cagney andrew.cagney at gmail.com
Wed May 25 19:50:19 UTC 2016

On 25 May 2016 at 15:29, Paul Wouters <paul at nohats.ca> wrote:
>> I suspect the correct way is to create the certificate at the same
>> time as the key-pair (like certutil -S).
> I was hoping to avoid that, but if that's what is needed we could do
> that.

Since we're using NSS we should, perhaps, try to be more NSS like.
Otoh, we know how to find the key-pair using the ckaid so it can be
done in rsasigkey or showhostkey.
(I still can't see the point of certutil -G (other than provide a
reference implementation for rsasigkey)).

More information about the Swan-dev mailing list