[asterisk-dev] Encrypted RSA keys
Johansson Olle E
oej at edvina.net
Mon Nov 12 15:22:28 CST 2007
On 12 Nov 2007, at 22:02, Tilghman Lesher wrote:
> We're considering some renovations to the res_crypto module, and we're
> coming across the fact that OpenSSL does encryption of RSA private keys
> in a very wacky way, that we're unable to reproduce in non-OpenSSL code.
> However, it is the case that initializing the keys, by typing in
> passphrases at every restart of Asterisk is very manually-oriented,
> certainly not something most people would want to depend upon
> (especially if you're running a GUI or the safe_asterisk shell script).
>
> So we're wondering... how many people are actually using encrypted
> private RSA keys? Anybody? If the ability to encrypt the keys went away
> in a future version, how concerned would you be? The security paranoid
> are probably using encrypted filesystems anyway, so the lack of an
> additional encryption layer around private keys stored on that
> filesystem shouldn't be a big deal.
I have an upstream provider using this, and they keep forgetting to
initialize their keys every time they restart Asterisk... Not good for
them or for me.
As you say, I don't really see the point on a server. If I'm using
Asterisk on a client device, like my laptop, it could make sense... But
not so much that I'm voting for keeping it.
/O
---
* Olle E Johansson - oej at edvina.net
* Asterisk SIP Masterclass Jan 2007 - http://edvina.net