[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Erich Titl erich.titl at think.ch
Wed Jul 8 19:04:24 EDT 2009

Avesh Agarwal wrote:...
>> But I don't understand why go to the trouble?  How does putting the RSA
>> key or certificate into this database make security any better?  Also,
> Private keys are really private, and never comes out of NSS database, as 
> I said above. Makes a better security.

Just curious to know how you add an externally generated private key to
that database and how this is supposed to improve security over an
encrypted private key? The NSS database can still be copied and brute
forced. Why not use a PKCS#11 container, which would be an established
standard and thus lead to an interface for hardware tokens?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3396 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20090709/6c4baa0c/attachment.bin 

More information about the Users mailing list