[Swan-dev] Delete an RSA key from NSS
Cesare Leonardi
celeonar at gmail.com
Mon Oct 22 23:26:39 UTC 2018
Hello,
I'm new to libreswan and, while reading the documentation and doing some
tests, I observed that the ipsec command permits initializing an NSS
database, creating a key, and showing stored keys but, surprisingly, not
deleting keys. Then I searched for how to do it, but it was not so simple,
and I discovered that certutil only recently (version 3.39) learned to
delete keys:
https://bugzilla.mozilla.org/show_bug.cgi?id=291383
I guess this is the reason why libreswan also lacked this functionality
until now, so I'm writing here in case you didn't know about this new
certutil feature.
It would be good if one day we could use something like:
ipsec delhostkey --ckaid CKAID
Without having to search for the equivalent:
certutil -F -k CKAID -d /var/lib/ipsec/nss/
Cesare.