MDN’s new design is in Beta! A sneak peek:

This chapter describes two functions used to manipulate private keys and key databases such as the key3.db database provided with NSS. This was converted from "Chapter 6: Key Functions".



Returns a handle to the default key database opened by NSS_Init.


  1. include <key.h>
  2. include <keyt.h>

SECKEYKeyDBHandle *SECKEY_GetDefaultKeyDB(void);

Returns The function returns a handle of type SECKEYKeyDBHandle.

Description NSS_Init opens the certificate, key, and security module databases that you specify for use with NSS. SECKEYKeyDBHandle returns a handle to the key database opened by NSS_Init.


Destroys a private key structure.


  1. include <key.h>
  2. include <keyt.h>

void SECKEY_DestroyPrivateKey(SECKEYPrivateKey *key);

Parameter This function has the following parameter:



A pointer to the private key structure to destroy.

Description Certificate and key structures are shared objects. When an application makes a copy of a particular certificate or key structure that already exists in memory, SSL makes a shallow copy--that is, it increments the reference count for that object rather than making a whole new copy. When you call CERT_DestroyCertificate or SECKEY_DestroyPrivateKey, the function decrements the reference count and, if the reference count reaches zero as a result, both frees the memory and sets all the bits to zero. The use of the word "destroy" in function names or in the description of a function implies reference counting.

Never alter the contents of a certificate or key structure. If you attempt to do so, the change affects all the shallow copies of that structure and can cause severe problems.

Document Tags and Contributors

 Contributors to this page: fscholz, kwilson,, Relyea
 Last updated by: fscholz,