[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Greg Scott GregScott at InfraSupportEtc.com
Wed Jul 8 15:22:25 EDT 2009


> It should work. I suspect you did not do "prelink -u -a"; please
> do this and try again. All these things need not be done with
> 2.6.21-5.

Whew - success (I think)!

[root at huge-fw ipsec.d]#
[root at huge-fw ipsec.d]# rm -R -f nssdb
[root at huge-fw ipsec.d]# mkdir nssdb
[root at huge-fw ipsec.d]# prelink -u -a
prelink: /usr/lib/debug/usr/sbin/ntop.debug: PT_INTERP segment not corresponding to .interp section
[root at huge-fw ipsec.d]# certutil -N -d sql:/etc/ipsec.d/nssdb
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
[root at huge-fw ipsec.d]# modutil -fips true -dbdir sql:/etc/ipsec.d/nssdb
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:

FIPS mode enabled.
[root at huge-fw ipsec.d]# ipsec newhostkey --random /dev/urandom --configdir /etc/ipsec.d/nssdb --password ZSE45tgb --output /etc/ipsec.d/hostkey.secrets
Generated RSA key pair using the NSS database
[root at huge-fw ipsec.d]#
[root at huge-fw ipsec.d]#
[root at huge-fw ipsec.d]# more hostkey.secrets
: RSA   {
        # RSA 2192 bits   huge-fw   Wed Jul  8 14:17:54 2009
        # for signatures only, UNSAFE FOR ENCRYPTION
 
#pubkey=0sAQPgHGxjC1V8uCNyGW0eDipKVWisJmAm/yTVZGvkoFSbRsRPuqe039rS0rFGnM
tRbCh+YuDfUScPqLhSNWmkJ6z
ecGV/zJNVav0zCKsnTPR3Ycjqh8SZl09YP3dzlv5ouZ2mI2rLOng5yCweRUgrV/1Gh9v33Ol
uKYG7HJqPNe2FTAFmFhmILLHoQ8IOn6X4
bJgeYtvPm3rIau+/Oi2uAn4UIGuA/m31REJL6h5Ivetko3bN4lAw7mhe/ePv5M3140yS9JQN
/S+ATwOyYYS+yLEwoo0Z0cuK/5RIXlurd
MmI8SOOTLZoq+0mVf4UDgUhXQ3CAmu2ofiGNLNOZDRy9uFcXjczKf/wfjI3z/H8h0IUVEo7
        Modulus:
0xe01c6c630b557cb82372196d1e0e2a4a5568ac266026ff24d5646be4a0549b46c44fba
a7b4dfdad2d2b146
9ccb516c287e62e0df51270fa8b8523569a427acde70657fcc93556afd3308ab274cf477
61c8ea87c499974f583f777396fe68b99
da6236acb3a7839c82c1e45482b57fd4687dbf7dce96e2981bb1c9a8f35ed854c0166161
9882cb1e843c20e9fa5f86c981e62dbcf
9b7ac86aefbf3a2dae027e14206b80fe6df544424bea1e48bdeb64a376cde25030ee685e
fde3efe4cdf5e34c92f4940dfd2f804f0
3b26184bec8b130a28d19d1cb8aff94485e5bab74c988f1238e4cb668abed2655fe140e0
5215d0dc2026bb6a1f88634b34e643472
f6e15c5e373329fff07e3237cff1fc874214544a3b
        PublicExponent: 0x03
        # everything after this point is CKA_ID in hex format when using NSS
        PrivateExponent: 0x347ca583a016f3a2de97dc6c5bccf06e633333f4
        Prime1: 0x347ca583a016f3a2de97dc6c5bccf06e633333f4
        Prime2: 0x347ca583a016f3a2de97dc6c5bccf06e633333f4
        Exponent1: 0x347ca583a016f3a2de97dc6c5bccf06e633333f4
        Exponent2: 0x347ca583a016f3a2de97dc6c5bccf06e633333f4
        Coefficient: 0x347ca583a016f3a2de97dc6c5bccf06e633333f4
        CKAIDNSS: 0x347ca583a016f3a2de97dc6c5bccf06e633333f4
        }
# do not change the indenting of that "}"
[root at huge-fw ipsec.d]#

