Hi,

>>> I can find the certificates in the sql dump (BEGIN CERTIFICATE) but I
>>> can't find any string with 'BEGIN ENCRYPTED PRIVATE KEY'. Where is the
>>> private key located?
>
>> The keys are wrapped into a PKCS7 container - look for something where
>> the namespace column has a value of sys.crypto.keys
>
> what's the preferred way, store in database or put a keyfile with permission
> 0400/user openxpki on hdd?

It's your decision.

Back in the day when I designed this initially I deliberately chose not to have any key material in the database. (That was at a time when the datapool did not exist yet, though.)

Over time we found that many users seem to prefer their software keys in the database, as this makes cluster setups easier to manage, so we implemented this.

Both have their advantages and disadvantages, and we leave the decision for/against storing keys in the datapool to the skilled PKI architects who use our PKI software.

Cheers

Martin

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users