Author Topic: Code Signing - Private Key Generation  (Read 337 times)

Offline certforumz

Code Signing - Private Key Generation
« on: December 31, 2018, 01:34:42 AM »
In the code-signing certificate provisioning procedure via Firefox, 1) is the private key ever transmitted from the machine running Firefox and 2) if not, how can I access the key during the certificate-generation period (between request and fulfillment) to verify the answer to 1)?

1) No
2) It is not possible to access your private key after the signup process, even though the key is generated; it is possible only after you have collected your certificate. After certificate collection you can export your certificate along with the private key.

When using the browser's enrollment process, a security provider is used to generate a new key, and only the public key will be sent to the CA. The private key is stored locally in the browser's profile; however, Firefox has no GUI to view such "incomplete" certificates (aka CSR). It is stored on the filesystem, so you need to secure your machine.

See also: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html


http://forums.comodo.com/code-signing-certificate/private-key-store-in-firefox-t29973.0.html
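
The property described in the post above (the key pair is created locally and only the public key goes into the request sent to the CA) can be checked by hand. This is an added example, not part of the original post: it uses the openssl CLI rather than the browser's key store, and the file names and subject are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: generate a key and a certificate request locally, then
# confirm the request carries only the public half of the key pair.
# File names and the subject below are constructed for this demo.

csr_is_public_only() {
    local dir req_pub key_pub rc=0
    dir=$(mktemp -d) || return 2
    local key="$dir/key.pem" req="$dir/req.pem"

    # Enrollment step: the key pair is created on this machine. The private
    # key is written to local disk (owner-only permissions) and is not sent.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$key" 2>/dev/null ) || { rm -rf "$dir"; return 2; }

    # The request for the CA: subject plus public key, signed with the
    # private key as proof of possession.
    openssl req -new -key "$key" -subj "/CN=Constructed Code Signing Test" \
        -out "$req" 2>/dev/null || { rm -rf "$dir"; return 2; }

    # Check 1: the public key inside the request is exactly the one
    # derived from the local private key.
    req_pub=$(openssl req -in "$req" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    { [ -n "$req_pub" ] && [ "$req_pub" = "$key_pub" ]; } || rc=1

    # Check 2: the request's self-signature verifies.
    openssl req -in "$req" -noout -verify >/dev/null 2>&1 || rc=1

    # Check 3: no private key can be loaded from the request file.
    if openssl pkey -in "$req" -noout >/dev/null 2>&1; then rc=1; fi

    rm -rf "$dir"
    return "$rc"
}

if csr_is_public_only; then
    echo "request contains the public key only; private key stayed local"
else
    echo "check failed" >&2
fi
```

The private key file is the part that needs protecting on disk, which is the post's point about securing the machine.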