[asterisk-dev] Encrypted RSA keys
Tilghman Lesher
tilghman at mail.jeffandtilghman.com
Mon Nov 12 15:02:47 CST 2007

We're considering some renovations to the res_crypto module, and we're
coming across the fact that OpenSSL does encryption of RSA private keys
in a very wacky way that we're unable to reproduce in non-OpenSSL code.
However, it is the case that initializing the keys by typing in passphrases
at every restart of Asterisk is very manually-oriented, certainly not
something most people would want to depend upon (especially if you're
running a GUI or the safe_asterisk shell script).

So we're wondering... how many people are actually using encrypted private
RSA keys?  Anybody?  If the ability to encrypt the keys went away in a future
version, how concerned would you be?  The security-paranoid are probably
using encrypted filesystems anyway, so the lack of an additional encryption
layer around private keys stored on that filesystem shouldn't be a big deal.

-- 
Tilghman
    
    