Cannot delete a private key using certutil -F
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
nss (Ubuntu) | New | Undecided | Unassigned |
Bug Description
root@root:
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa 04ff65bfa43d713
< 1> rsa c89d0f0a39893f5
< 2> rsa 323236d51ca7a59
< 3> rsa 4dd54c6572610a2
< 4> rsa a7180b2d9f5dbbb
< 5> rsa 8323fde266d0db6
root@root:
Certificate Nickname Trust Attributes
1.2.3.4 CTu,u,u
2.3.4.5 u,u,u
2.3.4.7 u,u,u
2.3.4.37 u,u,u
root@root:
Here the cert got deleted
root@root:
Certificate Nickname Trust Attributes
1.2.3.4 CTu,u,u
2.3.4.5 u,u,u
2.3.4.7 u,u,u
But the private key did not get deleted, which is expected, I believe, as I deleted only the cert.
root@root:
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa 04ff65bfa43d713
< 1> rsa c89d0f0a39893f5
< 2> rsa 323236d51ca7a59
< 3> rsa 4dd54c6572610a2
< 4> rsa a7180b2d9f5dbbb
< 5> rsa 8323fde266d0db6
So I attempted to delete the corresponding key
root@root:
Enter Password or Pin for "NSS Certificate DB":
But it did not delete as can be seen below.
root@root:
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa 04ff65bfa43d713
< 1> rsa c89d0f0a39893f5
< 2> rsa 323236d51ca7a59
< 3> rsa 4dd54c6572610a2
< 4> rsa a7180b2d9f5dbbb
< 5> rsa 8323fde266d0db6
The only way I can get the key deleted is by executing a "-F key deletion" on a key whose cert has not already been deleted. This, however, also removes the corresponding cert. I know there is a bug on 'being unable to delete an orphan key'. But I thought this is a distinct, interesting behavior.
=========
lsb_release -rd
Description: Ubuntu 12.04.5 LTS
Release: 12.04
=========
dpkg -l | grep nss
ii insserv 1.14.0-2.1ubuntu2 Tool to organize boot sequence using LSB init.d script dependencies
ii libnss3 3.17-0ubuntu0.
ii libnss3-1d 3.17-0ubuntu0.
ii libnss3-tools 3.17.1-
ii openssh-client 1:5.9p1-5ubuntu1.4 secure shell (SSH) client, for secure access to remote machines
ii openssh-server 1:5.9p1-5ubuntu1.4 secure shell (SSH) server, for secure access from remote machines
ii openssl 1.0.1-4ubuntu5.17 Secure Socket Layer (SSL) binary and related cryptographic tools