[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Paul Wouters paul at xelerance.com
Wed Jul 8 19:04:49 EDT 2009


On Wed, 8 Jul 2009, Greg Scott wrote:

> [root at huge-fw ipsec.d]# ipsec newhostkey --random /dev/urandom
> --configdir /etc/ipsec.d/nssdb --password ZSE45tgb --output
> /etc/ipsec.d/hostkey.secrets
> Generated RSA key pair using the NSS database

Never use /dev/urandom for long term keys! Openswan knows when it needs
to use /dev/random and when it is not safe to use /dev/urandom. Don't
second-guess it!

Paul

