[OpenXPKI-users] Passphrase of imported keys

Andreas Piesk via OpenXPKI-users Mon, 19 Aug 2024 13:18:42 -0700

Hello list,

I try to understand how openxpki get the passphrases of the imported keys.


from sample_config.sh:

openssl req -verbose -config "${OPENSSL_CONF}" -extensions v3_datavault_extensions -batch -x509 -newkey 
rsa:$BITS -days ${DDAYS} -passout file:"${DATAVAULT_KEY_PASSWORD}" -keyout "${DATAVAULT_KEY}" 
-subj "${D
ATAVAULT_SUBJECT}" -out "${DATAVAULT_CERTIFICATE}"

openxpkiadm alias --file "${DATAVAULT_CERTIFICATE}" --realm "${REALM}" --token 
datasafe --key ${DATAVAULT_KEY}


the randomly generated passphrase is stored in file ${DATAVAULT_KEY_PASSWORD} 
but it's provided to openxpkiadm.

In crypto.yaml:
secret:
    default:
        import: 1

Is the passphrase somehow imported along with the key? Is *.pass read by 
openxpkiadm it if exists? I looked at openxpkiadm but no such file ops.

Best,
-ap



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

[OpenXPKI-users] Passphrase of imported keys

Reply via email to