On Wed, Jan 23, 2019, at 9:28 PM, Paul Wouters wrote: > On Wed, 23 Jan 2019, Kostya Vasilyev wrote: > > > It would be nice if NSS supported importing / exporting openssl *keys* > > directly, including private keys, to make key management easier, but I > > understand it's an external (to libreswan) piece of software. > > Yeah, we have talked to the NSS people about that. It's hard for them to > do since they try to not allow exporting private keys at all, unless > wrapped in something (eg like p12) for FIPS reasons.
p12 would be fine - since that opens up a way to exchange with other formats. But right now importing or exporting to/from NSS seems to be limited to *certificates* not keys... -- K _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
