- add support for using encrypted storage for keys, using PIN values supplied directly or read from files whose names are supplied - don't choke on NSS database locations that use the "sql:" or "dbm:" prefix