[Swan-dev] nss vs newhostkey / showhostkey

Paul Wouters paul at nohats.ca
Mon Jun 20 19:52:26 UTC 2016


On Mon, 20 Jun 2016, Andrew Cagney wrote:

> For reference, this is how things now work; since showhostkey takes a
> CKAID it can even use a key generated from the above:
>
> [root@east source]# ipsec showhostkey --list
> < 1> RSA keyid: AwEAAdcO4 ckaid: dd13a62c0281633bad8bffa435b8762d67b1be43
> [root@east source]# certutil -d sql:/etc/ipsec.d -G
> [root@east source]# ipsec showhostkey --list
> < 1> RSA keyid: AwEAAdcO4 ckaid: dd13a62c0281633bad8bffa435b8762d67b1be43
> < 2> RSA keyid: AwEAAZ4R4 ckaid: 853abdb3d1d3fa098f65875256670a2dfa3dc513
> [root@east source]# ipsec showhostkey --left --ckaid 853
>    # rsakey AwEAAZ4R4
>    leftrsasigkey=0sAwEAAZ4R4E3dLptXLNmGaKH9yQtvke9EM7VTStG96bKkUPphWIpjylW/YFf9/EOYwqCm9aUEYz8ZaoPm6V3qqsSl6FvO/MJJGPt2StPNoh6RrkKQrkNFR/e3iGMULKk7VCtx/yDDss9hqFnTeE0rSlJnInXoXBjNvzTYl3K1I6if7jgWWu0ibIS9KGgTcgVBRW+t7HBIVtatrsgKZRY1YaQ6RmnqgyRuyEOt1XzkYKwm4wSfbYy/dEPL91rNLsLAX1RUrlHrrVpCHVLjt5TVFwiXFp3BMz1OiAv/PWoRXDcw/ZsLhSBcA7pyHF0vmtBuhoRisjtDKYiuKE1waJoe8zMDytU=

Awesome!

It ignores key types we don't support? :)

Paul

