
Chapter 6
Key Functions

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with Communicator.

SECKEY_GetDefaultKeyDB
SECKEY_DestroyPrivateKey

SECKEY_GetDefaultKeyDB

Returns a handle to the default key database opened by NSS_Init.

Syntax

#include <key.h>
#include <keyt.h>
SECKEYKeyDBHandle *SECKEY_GetDefaultKeyDB(void);

Returns

The function returns a handle of type SECKEYKeyDBHandle.

Description

NSS_Init opens the certificate, key, and security module databases that you specify for use with NSS. SECKEY_GetDefaultKeyDB returns a handle to the key database opened by NSS_Init.

SECKEY_DestroyPrivateKey

Destroys a private key structure.

Syntax

#include <key.h>
#include <keyt.h>
void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);

Parameter

This function has the following parameter:

key

A pointer to the private key structure to destroy.

Description

Certificate and key structures are shared objects. When an application makes a copy of a particular certificate or key structure that already exists in memory, SSL makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy. When you call CERT_DestroyCertificate or SECKEY_DestroyPrivateKey, the function decrements the reference count and, if the reference count reaches zero as a result, both frees the memory and sets all the bits to zero. The use of the word "destroy" in function names or in the description of a function implies reference counting.

Never alter the contents of a certificate or key structure. If you attempt to do so, the change affects all the shallow copies of that structure and can cause severe problems.
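
The reference-counting behaviour described above can be seen in a small self-contained model. This is an added example, not NSS code: model_key and the model_key_* functions are hypothetical names and do not exist in NSS. It shows a shallow copy, a destroy that only decrements while references remain, and a final release that zeroes the structure before freeing it.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a shared key structure; this is not NSS's
 * SECKEYPrivateKey and none of these names exist in NSS. */
typedef struct {
    int refcount;              /* number of outstanding references */
    size_t len;                /* length of the secret in bytes */
    unsigned char secret[32];  /* key material held inline */
} model_key;

/* Create a key object holding one reference. */
model_key *model_key_new(const unsigned char *secret, size_t len) {
    model_key *k;
    if (len > sizeof k->secret) return NULL;
    k = calloc(1, sizeof *k);
    if (k == NULL) return NULL;
    memcpy(k->secret, secret, len);
    k->len = len;
    k->refcount = 1;
    return k;
}

/* "Copy" is shallow: same object, one more reference. */
model_key *model_key_copy(model_key *k) {
    if (k != NULL) k->refcount++;
    return k;
}

/* Write zeros through a volatile pointer so the compiler cannot drop
 * the wipe as a dead store ahead of free(). */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Drop one reference. Returns the references still outstanding; the
 * last release zeroes the whole structure and frees it. */
int model_key_destroy(model_key *k) {
    if (k == NULL) return 0;
    if (--k->refcount > 0) return k->refcount;
    wipe(k, sizeof *k);
    free(k);
    return 0;
}
```

Because model_key_copy returns the same pointer it was given, a write through one "copy" is visible through every other, which is why a shared structure must be treated as read-only. After the call that returns 0, every pointer to the object is dangling and must not be used.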