This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with NSS. This was converted from "Chapter 6: Key Functions".

SECKEY_GetDefaultKeyDB

Returns a handle to the default key database opened by NSS_Init.

Syntax

  1. include <key.h>
  2. include <keyt.h>

SECKEYKeyDBHandle *SECKEY_GetDefaultKeyDB(void);

Returns The function returns a handle of type SECKEYKeyDBHandle.

Description NSS_Init opens the certificate, key, and security module databases that you specify for use with NSS. SECKEYKeyDBHandle returns a handle to the key database opened by NSS_Init.

SECKEY_DestroyPrivateKey

Destroys a private key structure.

Syntax

  1. include <key.h>
  2. include <keyt.h>

void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);

Parameter This function has the following parameter:

key

A pointer to the private key structure to destroy.

Description Certificate and key structures are shared objects. When an application makes a copy of a particular certificate or key structure that already exists in memory, SSL makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy. When you call CERT_DestroyCertificate or SECKEY_DestroyPrivateKey, the function decrements the reference count and, if the reference count reaches zero as a result, both frees the memory and sets all the bits to zero. The use of the word "destroy" in function names or in the description of a function implies reference counting.

Never alter the contents of a certificate or key structure. If you attempt to do so, the change affects all the shallow copies of that structure and can cause severe problems.