[Openswan Users] README.nss
Michael H. Warfield
mhw at WittsEnd.com
Mon Jan 24 09:21:01 EST 2011
On Mon, 2011-01-24 at 07:06 -0700, Willie Gillespie wrote:
> On 01/23/2011 04:50 PM, Michael H. Warfield wrote:
> > Philosophical thoughts on README.nss, though. As a cryptographer, I am
> > morally offended by some of the things in there. It says to export the
> > CA keypair to a pkcs12 .p12 file and import them onto other machines.
> > Private keys should only exist on the machines to which they belong.
> > That's fundamental. I can not possibly overstress that concept. Using
> > pkcs12 requires including the private key (someone please correct me if
> > I'm wrong on this with pointers to the correct openssl syntax to do it).
>
> I haven't tried it, but is it possible with the -nokeys option of pkcs12?
That's a very good question too and might be an alternate method. I'll
check that out. Thanks!
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
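
The `-nokeys` question raised in this exchange can be checked directly with `openssl`. The script below is an added example, not part of the original messages or of README.nss; the throwaway CA, the file names and the password `demo` are constructed for the demonstration. It builds a bundle with the key and one without, then counts what each actually contains.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA in a temp dir; names and password are illustrative.
set -eu
PW=pass:demo

make_demo_ca() {        # $1 = work dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Bundle that carries the CA private key along with the certificate.
export_with_key() {     # $1 = work dir
    openssl pkcs12 -export -in "$1/ca.crt" -inkey "$1/ca.key" \
        -name demo-ca -passout "$PW" -out "$1/ca-full.p12"
}

# Certificate-only bundle: -nokeys means no private key is read or written.
export_cert_only() {    # $1 = work dir
    openssl pkcs12 -export -nokeys -in "$1/ca.crt" \
        -name demo-ca -passout "$PW" -out "$1/ca-certonly.p12"
}

# Pull only the certificate out of a bundle that does contain the key.
extract_cert() {        # $1 = work dir
    openssl pkcs12 -in "$1/ca-full.p12" -passin "$PW" -nokeys \
        -out "$1/ca-extracted.pem" 2>/dev/null
}

# Count PEM blocks of a given kind inside a .p12 (dumped unencrypted to a pipe).
count_in_p12() {        # $1 = .p12 file, $2 = PEM label pattern
    openssl pkcs12 -in "$1" -passin "$PW" -nodes 2>/dev/null |
        grep -c -e "-----BEGIN $2-----" || true
}

main() {
    d=$(mktemp -d)
    trap 'rm -rf "$d"' EXIT
    make_demo_ca "$d"; export_with_key "$d"; export_cert_only "$d"; extract_cert "$d"
    echo "full bundle:      keys=$(count_in_p12 "$d/ca-full.p12" '.*PRIVATE KEY')"
    echo "cert-only bundle: keys=$(count_in_p12 "$d/ca-certonly.p12" '.*PRIVATE KEY')" \
         "certs=$(count_in_p12 "$d/ca-certonly.p12" 'CERTIFICATE')"
}
main
```

Running the same count against any `.p12` before it leaves the CA host is a quick way to confirm that no private key is being shipped.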