[asterisk-dev] Encrypted RSA keys
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Nov 12 15:26:25 CST 2007
On Mon, Nov 12, 2007 at 10:17:44PM +0100, Michiel van Baak wrote:
> On 15:02, Mon 12 Nov 07, Tilghman Lesher wrote:
> > We're considering some renovations to the res_crypto module, and we're
> > coming across the fact that OpenSSL does encryption of RSA private keys
> > in a very wacky way, that we're unable to reproduce in non-openSSL code.
> > However, it is the case that initializing the keys, by typing in passphrases
> > at every restart of Asterisk is very manually-oriented, certainly not
> > something most people would want to depend upon (especially if you're
> > running a GUI or the safe_asterisk shell script).
> >
> > So we're wondering... how many people are actually using encrypted private
> > RSA keys? Anybody? If the ability to encrypt the keys went away in a future
> > version, how concerned would you be? The security paranoid are probably
> > using encrypted filesystems anyway, so the lack of an additional encryption
> > layer around private keys stored on that filesystem shouldn't be a big deal.
>
> Why would you get rid of them ?
> I think it's a great feature to allow encrypted keys.
>
> I think removing it would be the same as removing password
> support from ssh keys
In what scenario do you start Asterisk manually?
In what scenario where you don't start Asterisk manually does encrypting
the keys help?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev
mailing list