PreviousNextUp[Front page] [Index]

Importing a Private Key

The Import Private Key option is used to import private key data to existing certificate. Private key data can either be a software private key in PKCS#1, PKCS#8 or PKCS#12 format or information about private key stored in hardware token and accessed through PKCS#11. In that case the import operation stored only access information to database, the key itself is not imported.

Note that when a key is imported, the old private key data stored to certificate is removed and this operation cannot be undone. Also note that this operation only affects one certificate. Any other certificates with same private key data are unaffected. Key must be imported to them separately (or their keys removed) if old key data needs to be removed from database.

One possible use for this feature is moving existing software key to hardware token. This is done by first exporting the key in PKCS#8 file through View Private Key and then importing it to the hardware token. The key can then used in Certifier by importing it back.

Import Private Key option automatically recognizes if a matching PKCS#11 private key is present. Please configure and insert the right token before starting the import operation. If no PKCS#11 key is detected, the user is given an option to import a software key instead.

Software key import needs an base-64-encoded (PEM-encoded) private key file which is copied to Software private key input box. Private Key Format field can usually be left to default autodetect option, but in case Certifier has problems in decoding the private key selecting the precise format might help. Passphrase is needed when decoding encrypted private key files like PKCS#8 or PKCS#12 and is not used otherwise.


PreviousNextUp[Front page] [Index]