Hi Andreas,
the sample config script and the sample config repo just work because
the used password is known to be "root". The variables in the script
have been added by a user who contributed to this script but we did not
make any efforts to automate a sync of passwords there as we do not want
people to use it beyond testing.
As already written in the other topic, OpenXPKI just loads the bare
content of the blobs into the database, you are responsible for providing
the right passwords via the secret manager.
Oliver
On 19.08.24 22:17, Andreas Piesk via OpenXPKI-users wrote:
Hello list,
I am trying to understand how openxpki gets the passphrases of the imported
keys.
from sample_config.sh:
    openssl req -verbose -config "${OPENSSL_CONF}" \
        -extensions v3_datavault_extensions -batch -x509 \
        -newkey rsa:$BITS -days ${DDAYS} \
        -passout file:"${DATAVAULT_KEY_PASSWORD}" -keyout "${DATAVAULT_KEY}" \
        -subj "${DATAVAULT_SUBJECT}" -out "${DATAVAULT_CERTIFICATE}"

    openxpkiadm alias --file "${DATAVAULT_CERTIFICATE}" --realm "${REALM}" \
        --token datasafe --key ${DATAVAULT_KEY}
the randomly generated passphrase is stored in file
${DATAVAULT_KEY_PASSWORD} but it's provided to openxpkiadm.
In crypto.yaml:
    secret:
        default:
            import: 1
Is the passphrase somehow imported along with the key? Is *.pass read
by openxpkiadm if it exists? I looked at openxpkiadm but no such file
ops.
Best,
-ap
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
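
Since the key blob is loaded as-is and its passphrase has to be supplied separately, it is worth checking that the two match before entering the passphrase in the secret configuration. The following check is an added example, not part of the original mails or of OpenXPKI; the function names key_unlocks and demo and all file names are made up for the illustration, and the key is a constructed throwaway.

```shell
#!/bin/sh
# Added example: verify that a passphrase file unlocks an encrypted private
# key, using only the openssl command line tool.

# key_unlocks KEYFILE PASSFILE
# Returns 0 if the first line of PASSFILE decrypts KEYFILE, non-zero otherwise.
# -noout suppresses key output, so nothing sensitive reaches the terminal.
key_unlocks() {
    openssl pkey -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# demo: build a constructed throwaway key protected by a random passphrase
# (as sample_config.sh does for the datavault key) and compare the real
# passphrase against the well-known test password "root".
demo() {
    umask 077
    dir=$(mktemp -d) || return 2

    openssl rand -hex 16 > "$dir/vault.pass"   # random passphrase (constructed)
    printf 'root\n' > "$dir/root.pass"         # password of the sample config

    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "file:$dir/vault.pass" \
        -out "$dir/vault.key" 2>/dev/null || { rm -rf "$dir"; return 2; }

    if key_unlocks "$dir/vault.key" "$dir/vault.pass"; then
        generated=yes
    else
        generated=no
    fi
    if key_unlocks "$dir/vault.key" "$dir/root.pass"; then
        root=yes
    else
        root=no
    fi

    rm -rf "$dir"
    echo "generated=$generated root=$root"
}

demo
```

Run against a real key as key_unlocks "${DATAVAULT_KEY}" "${DATAVAULT_KEY_PASSWORD}"; a non-zero exit status means the passphrase on file does not belong to that key.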