blob: a9173d8e7b599a375975b2cc7c8de56fbd3702f4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
#!/bin/sh
extract_certificate_and_private_key()
{
passphrase_file=$(mktemp) || exit
echo asdf > $passphrase_file
local nssdb="$1" name="$2"
pk12util -d sql:"$nssdb" -n "$name" -w "$passphrase_file" -o /dev/stdout |
openssl pkcs12 -passin file:"$passphrase_file" -nodes
rm "$passphrase_file"
}
extract_public_key()
{
local nssdb="$1" name="$2"
certutil -d sql:"$nssdb" -L -n "$name" -a | openssl x509 -pubkey -noout
}
extract_private_key()
{
extract_certificate_and_private_key "$@" | openssl rsa -outform PEM
}
extract_certificate()
{
extract_certificate_and_private_key "$@" | openssl x509
}
for nssdb in "$HOME/.pki/nssdb" "$HOME"/.mozilla/firefox/*; do
[ -d "$nssdb" ] || continue
[ -e "$nssdb"/cert8.db -o -e "$nssdb"/cert9.db ] || continue
echo "nssdb=$nssdb" >&2
certutil -d sql:"$nssdb" -L | sed -ne 's/ *.,.,.$//p' |
while read name; do
# certutil -d sql:"$nssdb" -K -n "$name"
# extract_public_key "$nssdb" "$name"
# extract_certificate_and_private_key "$nssdb" "$name"
extract_private_key "$nssdb" "$name"
extract_certificate "$nssdb" "$name"
done
done
|
