[Swan] RSA keys help
Paul Wouters
paul at nohats.ca
Wed Jan 23 18:28:29 UTC 2019
On Wed, 23 Jan 2019, Kostya Vasilyev wrote:

> It would be nice if NSS supported importing / exporting openssl *keys* directly, including private keys, to make key management easier, but I understand it's an external (to libreswan) piece of software.

Yeah, we have talked to the NSS people about that. It's hard for them to
do since they try to not allow exporting private keys at all, unless
wrapped in something (e.g. like p12) for FIPS reasons.

> I also understand that "real" cert based auth is more common (or else people probably contend with PSK...)

I'm glad you are not using PSK, as it is the weakest method. I even
presented on this recently at IETF:

https://datatracker.ietf.org/meeting/103/materials/slides-103-ipsecme-psks-will-always-be-weak-00

So thanks for sticking with non-PSK authentication :)

Paul