[Openswan Users] CKAIDNSS keyword not found where expected in RSAkey in /var/log/secure

Avesh Agarwal avagarwa at redhat.com
Thu Jul 9 09:26:27 EDT 2009

Paul Wouters wrote:
> On Wed, 8 Jul 2009, Greg Scott wrote:
>> [root at huge-fw ipsec.d]# ipsec newhostkey --random /dev/urandom
>> --configdir /etc/ipsec.d/nssdb --password ZSE45tgb --output
>> /etc/ipsec.d/hostkey.secrets
>> Generated RSA key pair using the NSS database
> Never use /dev/urandom for long term keys! Openswan knows when it needs
> to use /dev/random and when it is not safe to use /dev/urandom. Don't
> second guess it!
> Paul
Hi Paul,

NSS does not change anything in the way /dev/random or /dev/urandom is 


More information about the Users mailing list