Writing firefox extension: How to export private key from certificate database? Possible?

I am writing a Firefox extension and am looking for a way to export the private key from 开发者_如何转开发an installed certificate.

This would be replacing the previous process of saving a backup PKCS12 .p12 file, then running using: "openssl pkcs12 -nocert -in backup.p12 -out userkey.pem"

Thanks!

EDIT: I can now save a PKCS12 backup using the XPCOM API, I can extract the Certificate, but am still looking for a way to extract the private key (see the openssl command above). This needs to be cross platform...

If the point is simply avoiding to export the private key manually then you can use pk12util tool which is part of NSS. You can export the certificate like this:

pk12util -o backup.p12 -n certificate_name -d /firefox/profile/dir

That's a lot easier than doing the same thing from an extension. From what I know, NSS explicitly doesn't allow storing the private key unencrypted in the PEM format so you would still need OpenSSL for that.

I have given up doing this. Instead I'm writing a python CGI script and sending the certificate and keys over an SSL connection to an Apache server.