Code Signing - Private Key Generation

Started by certforumz, December 31, 2018, 01:34:42 AM


certforumz

In the code signing certificate provisioning procedure via Firefox, 1) is the private key ever transmitted from the machine running Firefox and 2) if not, how can I access the key during the certificate-generation period (between request and fulfillment) to verify the answer to 1)?

1) No
2) It is not possible to access your private key after the signup process, even though the key has been generated; it is possible only after you have collected your certificate. After certificate collection you can export your certificate along with the private key.

When using the browser's enrollment process, a security provider is used to generate a new key, and only the public key will be sent to the CA. The private key is stored locally in the browser's profile; however, Firefox has no GUI to view such "incomplete" certificates (aka CSR). It is stored on the filesystem, so you need to secure your machine.

See also: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html


http://forums.comodo.com/code-signing-certificate/private-key-store-in-firefox-t29973.0.html
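
The flow described in the post (key pair generated locally, only the public key placed in the request), reproduced as an added example that is not part of the original post. It assumes the OpenSSL CLI in place of the browser's security provider; the key, subject name and file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Constructed key, subject and paths; assumes the openssl CLI.
workdir=$(mktemp -d)
key="$workdir/key.pem"   # stays on the local machine
req="$workdir/req.pem"   # the only thing that would be sent to the CA

# Generate the key pair locally and build the signing request from it.
make_request() {
    openssl genrsa -out "$key" 2048 2>/dev/null &&
    openssl req -new -key "$key" -subj "/CN=Example Code Signing" -out "$req" 2>/dev/null
}

# SHA-256 over a DER-encoded public key read from stdin.
pub_digest() { openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -r; }

# The request must carry exactly the public half of the local key.
request_matches_key() {
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null | pub_digest)
    from_req=$(openssl req -in "$req" -noout -pubkey 2>/dev/null | pub_digest)
    [ -n "$from_key" ] && [ "$from_key" = "$from_req" ]
}

# The request must not contain secret key material: search its DER bytes
# for the first RSA prime taken from the private key.
request_has_no_private_material() {
    prime=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
        sed -n '/^prime1:/,/^prime2:/p' | grep '^ ' | tr -d ' :\n' | sed 's/^00//')
    req_hex=$(openssl req -in "$req" -outform DER 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ -n "$prime" ] && [ -n "$req_hex" ] || return 2
    case "$req_hex" in *"$prime"*) return 1 ;; esac
    return 0
}

if make_request && request_matches_key && request_has_no_private_material; then
    echo "request holds the public key only; private key stayed in $key"
fi
```

The same comparison can be run against any request file before it is submitted, by pointing `req` at it and `key` at the locally held private key.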