Key Functions


Chapter 6
Key Functions

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with Communicator.

SECKEY_GetDefaultKeyDB
SECKEY_DestroyPrivateKey

SECKEY_GetDefaultKeyDB

Returns a handle to the default key database opened by NSS_Init.

Syntax
#include <key.h>
#include <keyt.h>
SECKEYKeyDBHandle *SECKEY_GetDefaultKeyDB(void);
Returns

The function returns a handle of type SECKEYKeyDBHandle.

Description

NSS_Init opens the certificate, key, and security module databases that you specify for use with NSS. SECKEYKeyDBHandle returns a handle to the key database opened by NSS_Init.

SECKEY_DestroyPrivateKey

Destroys a private key structure.

Syntax
#include <key.h>
#include <keyt.h>
void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);
Parameter

This function has the following parameter:

key

A pointer to the private key structure to destroy.

Description

Certificate and key structures are shared objects. When an application makes a copy of a particular certificate or key structure that already exists in memory, SSL makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy. When you call CERT_DestroyCertificate or SECKEY_DestroyPrivateKey, the function decrements the reference count and, if the reference count reaches zero as a result, both frees the memory and sets all the bits to zero. The use of the word "destroy" in function names or in the description of a function implies reference counting.

Never alter the contents of a certificate or key structure. If you attempt to do so, the change affects all the shallow copies of that structure and can cause severe problems.