[asterisk-dev] Encrypted RSA keys

Michiel van Baak michiel at vanbaak.info
Mon Nov 12 15:17:44 CST 2007


On 15:02, Mon 12 Nov 07, Tilghman Lesher wrote:
> We're considering some renovations to the res_crypto module, and we're
> coming across the fact that OpenSSL does encryption of RSA private keys
> in a very wacky way, that we're unable to reproduce in non-OpenSSL code.
> However, it is the case that initializing the keys by typing in passphrases
> at every restart of Asterisk is very manually-oriented, certainly not
> something most people would want to depend upon (especially if you're
> running a GUI or the safe_asterisk shell script).
> 
> So we're wondering... how many people are actually using encrypted private
> RSA keys?  Anybody?  If the ability to encrypt the keys went away in a future
> version, how concerned would you be?  The security paranoid are probably
> using encrypted filesystems anyway, so the lack of an additional encryption
> layer around private keys stored on that filesystem shouldn't be a big deal.

Why would you get rid of them?
I think it's a great feature to allow encrypted keys.

I think removing it would be the same as removing password
support from ssh keys.
-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"
