On Wed, 23 Jan 2019, Kostya Vasilyev wrote:

> p12 would be fine - since that opens up a way to exchange with other formats.
>
> But right now importing or exporting to/from NSS seems to be limited to
> *certificates* not keys...

import and export work fine.

[root@thinkpad tmp]# certutil -L -d sql:/etc/ipsec.d
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

letoams.nohats.ca                                            u,u,u
Certificate Agency (CA) - No Hats Corporation                CT,,
pwouters.nohats.ca                                           u,u,u
Certificate Agency (CA) - NetDev                             CT,,
strongWest                                                   u,u,u
strongSwan CA - strongSwan                                   CT,,

[root@thinkpad tmp]# certutil -K -d sql:/etc/ipsec.d
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      2ad438fc7f3b65706f0381520f9f106a9eba7a96 letoams.nohats.ca
< 1> rsa      12fad02b4cfdd324049101ed1e79d5066cfc965d   (orphan)
< 2> rsa      1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca
< 3> rsa      b9d591b99433b94ccc27af7f19235fe0e01b9214   (orphan)
< 4> ec       38ccad88c730f0cad273369617d2df83ecee02ae   strongWest

[root@thinkpad tmp]# pk12util -o test.p12 -d sql:/etc/ipsec.d -W password -n pwouters.nohats.ca
pk12util: PKCS12 EXPORT SUCCESSFUL

[root@thinkpad tmp]# ls -l test.p12
-rw------- 1 root root 3907 Jan 23 14:11 test.p12
[root@thinkpad tmp]# mkdir /tmp/test
[root@thinkpad tmp]# ipsec initnss --nssdir /tmp/test
Initializing NSS database

[root@thinkpad tmp]# ipsec import --nssdir /tmp/test test.p12
Enter password for PKCS12 file: pk12util: PKCS12 IMPORT SUCCESSFUL
correcting trust bits for Certificate Agency (CA) - NetDev
[root@thinkpad tmp]# certutil -L -d sql:/tmp/test

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

pwouters.nohats.ca                                           u,u,u
Certificate Agency (CA) - NetDev                             CT,,

[root@thinkpad tmp]# certutil -K -d sql:/tmp/test
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
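
The check made by eye at the end of the session above (the key ID listed for pwouters.nohats.ca is the same in both databases), as an added shell example that is not part of the original message. The function names are hypothetical and the embedded listings are copied from the `certutil -K` output above; in real use, pipe `certutil -K -d sql:DIR` into `key_id` instead.

```shell
#!/bin/sh
# Added example, not from the original post.
# Sample listings: copied from the `certutil -K` output in the session above.
src_listing() { cat <<'EOF'
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      2ad438fc7f3b65706f0381520f9f106a9eba7a96 letoams.nohats.ca
< 1> rsa      12fad02b4cfdd324049101ed1e79d5066cfc965d   (orphan)
< 2> rsa      1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca
< 3> rsa      b9d591b99433b94ccc27af7f19235fe0e01b9214   (orphan)
< 4> ec       38ccad88c730f0cad273369617d2df83ecee02ae   strongWest
EOF
}
dst_listing() { cat <<'EOF'
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca
EOF
}

# key_id NICKNAME: read `certutil -K` output on stdin and print the key ID
# listed for exactly that nickname (prints nothing when there is no such key).
key_id() {
    awk -v nick="$1" '
        /^<[ 0-9]+>/ {
            sub(/^<[ 0-9]+>[ \t]+/, "")      # drop the "< n>" index
            id = $2                          # $1 is the key type (rsa, ec)
            name = $0
            sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", name)
            sub(/[ \t]+$/, "", name)
            if (name == nick) { print id; exit }
        }'
}

# orphans: count private keys on stdin that have no matching certificate.
orphans() {
    awk '/^<[ 0-9]+>/ && /\(orphan\)[ \t]*$/ { n++ } END { print n + 0 }'
}

# key_transferred NICKNAME: succeed only if the destination DB holds a private
# key for NICKNAME with the same key ID as the source DB.
key_transferred() {
    src=$(src_listing | key_id "$1")
    dst=$(dst_listing | key_id "$1")
    [ -n "$src" ] && [ "$src" = "$dst" ]
}

if key_transferred pwouters.nohats.ca; then
    echo "private key present in both databases"
else
    echo "private key missing or different in destination" >&2
fi
```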
