[Swan] RSA keys help
Paul Wouters
paul at nohats.ca
Wed Jan 23 19:14:52 UTC 2019
On Wed, 23 Jan 2019, Kostya Vasilyev wrote:
> p12 would be fine - since that opens up a way to exchange with other formats.
>
> But right now importing or exporting to/from NSS seems to be limited to *certificates* not keys...
import and export work fine.
[root@thinkpad tmp]# certutil -L -d sql:/etc/ipsec.d
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
letoams.nohats.ca                                            u,u,u
Certificate Agency (CA) - No Hats Corporation                CT,,
pwouters.nohats.ca                                           u,u,u
Certificate Agency (CA) - NetDev                             CT,,
strongWest                                                   u,u,u
strongSwan CA - strongSwan                                   CT,,
[root@thinkpad tmp]# certutil -K -d sql:/etc/ipsec.d
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa 2ad438fc7f3b65706f0381520f9f106a9eba7a96 letoams.nohats.ca
< 1> rsa 12fad02b4cfdd324049101ed1e79d5066cfc965d (orphan)
< 2> rsa 1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca
< 3> rsa b9d591b99433b94ccc27af7f19235fe0e01b9214 (orphan)
< 4> ec 38ccad88c730f0cad273369617d2df83ecee02ae strongWest
[root@thinkpad tmp]# pk12util -o test.p12 -d sql:/etc/ipsec.d -W password -n pwouters.nohats.ca
pk12util: PKCS12 EXPORT SUCCESSFUL
[root@thinkpad tmp]# ls -l test.p12
-rw------- 1 root root 3907 Jan 23 14:11 test.p12
[root@thinkpad tmp]# mkdir /tmp/test
[root@thinkpad tmp]# ipsec initnss --nssdir /tmp/test
Initializing NSS database
[root@thinkpad tmp]# ipsec import --nssdir /tmp/test test.p12
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL
correcting trust bits for Certificate Agency (CA) - NetDev
[root@thinkpad tmp]# certutil -L -d sql:/tmp/test
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
pwouters.nohats.ca                                           u,u,u
Certificate Agency (CA) - NetDev                             CT,,
[root@thinkpad tmp]# certutil -K -d sql:/tmp/test
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa 1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca
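
Added example, not part of the original message and not Libreswan code: a script that checks what the transcript above shows by eye, namely that the private key (not only the certificate) arrived in the second database, by comparing the key ID `certutil -K` reports for the nickname on each side. The function names are hypothetical; it assumes NSS databases with an empty database password, a destination already initialised as in the post, and it passes the PKCS#12 password with pk12util's `-w` password file option rather than `-W` on the command line.

```shell
#!/bin/sh
# Added example, not from the original post.

# key_id NICKNAME: read `certutil -K` output on stdin and print the key ID
# bound to NICKNAME (nicknames may contain spaces). Returns 1 if absent.
key_id() {
    awk -v nick="$1" '
        /^< *[0-9]+>/ {
            line = $0
            sub(/^< *[0-9]+> +[a-z0-9]+ +/, "", line)      # drop "< 2> rsa "
            id = line;   sub(/[ \t].*$/, "", id)
            name = line; sub(/^[0-9a-f]+[ \t]+/, "", name); sub(/[ \t]+$/, "", name)
            if (name == nick) { print id; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# orphan_keys: print the IDs of private keys that have no certificate.
orphan_keys() {
    awk '/^< *[0-9]+>/ && /\(orphan\)[ \t]*$/ { print $(NF-1) }'
}

# same_key SRC_LISTING DST_LISTING NICKNAME: true only if both listings hold
# a private key for NICKNAME and the key IDs are identical.
same_key() {
    src=$(printf '%s\n' "$1" | key_id "$3") || return 1
    dst=$(printf '%s\n' "$2" | key_id "$3") || return 1
    [ "$src" = "$dst" ]
}

# roundtrip SRC_DIR DST_DIR NICKNAME PWFILE: export, import, verify.
# Uses `pk12util -i`; the post uses `ipsec import`, which wraps it and also
# corrects CA trust bits. The temporary .p12 is removed afterwards.
roundtrip() {
    p12=$(mktemp) || return 1
    pk12util -o "$p12" -d "sql:$1" -n "$3" -w "$4" &&
        pk12util -i "$p12" -d "sql:$2" -w "$4" &&
        same_key "$(certutil -K -d "sql:$1")" "$(certutil -K -d "sql:$2")" "$3"
    rc=$?
    rm -f "$p12"
    return "$rc"
}

# Sample listings for offline checks: lines taken from the post's output.
SAMPLE_SRC='certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa 2ad438fc7f3b65706f0381520f9f106a9eba7a96 letoams.nohats.ca
< 1> rsa 12fad02b4cfdd324049101ed1e79d5066cfc965d (orphan)
< 2> rsa 1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca'
SAMPLE_DST='< 0> rsa 1d20a472e6e75c7cee710e7304b7b10223cc8ab9 pwouters.nohats.ca'
```

`roundtrip /etc/ipsec.d /tmp/test pwouters.nohats.ca /root/p12pw` would repeat the session above non-interactively; the password file path is a placeholder.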