FedoraThis forum is for the discussion of the Fedora Project.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
could someone help me understand from where openswan's pluto get's his priavte keys from...
here is what i did
i run the following commands
ipsec newhostkey --output /etc/ipsec.secrets --random /dev/random --configdir /etc/ipsec.d/ --passwrod abcdef1 --bits 2048
As far as i understand it generates the private key into /etc/ipsec.secrets but then i don't why i need to pass as an argument the location of the NSS database and it's password, can anyone explain this?
when i do certutil -K -d /etc/ipsec.d/ i do see a new entry in the list (i'm hoping it's relevant)
So when i start ipsec by /etc/init.d/ipsec restart and add my connections does pluto takes the key from ipsec.secrets from the the NSS key database?
are there any kind of associations between the NSS database and ipsec.secrets?
each key in the ipsec.secrets file has a reference to the NSS key database (you can see the reference if you look in the file and compare it to the id you see when you do certutil -K)
what i couldn't figure out yet is how to make pluto work in cases i don't se an empty password to encrypt the NSS database, anyone has a clue?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
OpenSwan question
