[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure
erich.titl at think.ch
Wed Jul 8 19:04:24 EDT 2009
Avesh Agarwal wrote:...
>> But I don't understand why go to the trouble? How does putting the RSA
>> key or certificate into this database make security any better? Also,
> Private keys are really private, and never comes out of NSS database, as
> I said above. Makes a better security.
Just curious to know how you add an externally generated private key to
that database and how this is supposed to improve security over an
encrypted private key? The NSS database can still be copied and brute
forced. Why not use a PKCS#11 container, which would be an established
standard and thus lead to an interface for hardware tokens?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3396 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20090709/6c4baa0c/attachment.bin
More information about the Users