[Swan] Looks like loading preshared keys does in fact need NSS

[Paul Wouters]

On Fri, 28 Jun 2013, Greg Scott wrote:

> Anyway - no getting around it - if you have old Openswan RSA keys and you want to keep using RSA keys, you have generate new RSA keys inside a new NSS database now, right?  No way to create an empty NSS database and feed the old key into it?

Correct.

> I guess the good part is, it seems like a one-time transition.  Once you have those .db files, you can just copy them to the newer versions when upgrades come along.  This is manageable.

Yes, nss will upgrade the db files if their internal format changes.
This has already happened once.

Paul