[Openswan Users] README.nss

Michael H. Warfield mhw at WittsEnd.com
Mon Jan 24 09:21:01 EST 2011

On Mon, 2011-01-24 at 07:06 -0700, Willie Gillespie wrote: 
> On 01/23/2011 04:50 PM, Michael H. Warfield wrote:
> > Philosophical thoughts on README.nss, though.  As a cryptographer, I am
> > morally offending by some of the things in there.  It says to export the
> > CA keypair to a pkcs12 .p12 file and import them onto other machines.
> > Private keys should only exist on the machines to which they belong.
> > That's fundamental.  I can not possibly overstress that concept.  Using
> > pkcs12 requires including the private key (someone please correct me if
> > I'm wrong on this with pointers to the correct openssl syntax to do it).
> I haven't tried it, but is it possible with the -nokeys option of pkcs12?

That's a very good question too and might be an alternate method.  I'll
check that out.  Thanks!

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20110124/ba6db898/attachment.bin 

More information about the Users mailing list