LinuxQuestions.org


amirn 03-16-2011 03:45 AM

OpenSwan question
 
Could someone help me understand where openswan's pluto gets its private keys from...

Here is what I did.
I ran the following command:
ipsec newhostkey --output /etc/ipsec.secrets --random /dev/random --configdir /etc/ipsec.d/ --password abcdef1 --bits 2048

As far as I understand, it generates the private key into /etc/ipsec.secrets, but then I don't know why I need to pass as an argument the location of the NSS database and its password. Can anyone explain this?

When I do certutil -K -d /etc/ipsec.d/ I do see a new entry in the list (I'm hoping it's relevant).

So when I start ipsec with /etc/init.d/ipsec restart and add my connections, does pluto take the key from ipsec.secrets or from the NSS key database?

Are there any kind of associations between the NSS database and ipsec.secrets?

amirn 03-20-2011 08:25 AM

OK, I found the following:

Each key in the ipsec.secrets file has a reference to the NSS key database (you can see the reference if you look in the file and compare it to the ID you see when you do certutil -K).
What I couldn't figure out yet is how to make pluto work in cases where I don't set an empty password to encrypt the NSS database. Does anyone have a clue?


Amir
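
The comparison described in the post above, as an added example that is not part of the original thread: it checks that an RSA entry in ipsec.secrets points at a key ID listed by `certutil -K`. It assumes the NSS-enabled Openswan layout, where the private fields of the entry hold the key's CKA_ID instead of key material, and the usual `certutil -K` listing format; both samples are constructed with shortened hex values, and the function names are illustrative.

```python
import re

# Constructed sample of an NSS-backed ipsec.secrets entry (assumed layout).
SECRETS = """\
: RSA {
    # RSA 2048 bits   host.example   Wed Mar 16 03:45:00 2011
    #pubkey=0sAQOconstructed
    Modulus: 0xa1b2c3d4e5f6
    PublicExponent: 0x03
    # everything after this point is CKA_ID in hex format when using NSS
    PrivateExponent: 0x3f9c0e6d2b7a41c8
    Prime1: 0x3f9c0e6d2b7a41c8
    Prime2: 0x3f9c0e6d2b7a41c8
    }
"""

# Constructed sample of `certutil -K -d /etc/ipsec.d/` output.
CERTUTIL_K = """\
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa      3f9c0e6d2b7a41c8   (orphan)
< 1> rsa      77aa00112233beef   NSS Certificate DB:other
"""

PRIVATE_FIELDS = ("PrivateExponent", "Prime1", "Prime2",
                  "Exponent1", "Exponent2", "Coefficient")

def secrets_key_refs(text):
    """Return one set of private-field values per ': RSA { ... }' block."""
    refs = []
    for block in re.findall(r":\s*RSA\s*\{(.*?)\}", text, re.S):
        values = set()
        for line in block.splitlines():
            m = re.match(r"\s*(\w+):\s*0x([0-9a-fA-F]+)\s*$", line)
            if m and m.group(1) in PRIVATE_FIELDS:
                values.add(m.group(2).lower())
        refs.append(values)
    return refs

def nss_key_ids(text):
    """Return {key_id: nickname} parsed from the `certutil -K` listing lines."""
    rows = re.findall(r"^<\s*\d+>\s+\w+\s+([0-9a-fA-F]+)\s+(.*)$", text, re.M)
    return {kid.lower(): name.strip() for kid, name in rows}

def match_secrets_to_nss(secrets_text, certutil_text):
    """Per RSA block: the NSS key ID it references, or None if it has none."""
    ids = nss_key_ids(certutil_text)
    return [next(iter(v)) if len(v) == 1 and next(iter(v)) in ids else None
            for v in secrets_key_refs(secrets_text)]
```

A `None` result means the entry either carries differing values in its private fields (so it is not a single CKA_ID reference) or names an ID that the given NSS database does not hold.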

