rpms
/
crypto-utils
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

no key encryption password needed when using nss database

This commit is contained in:
Elio Maldonado 2008-05-03 22:58:40 +00:00
parent eff035f7f8
commit 87b048dea4
1 changed files with 20 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
genkey.pl
View File

@ -627,8 +627,13 @@ sub savePassword
}
# Prompts for key encryption password
# When using NSS skip prompting as the
# key is protected in the database via
# the module access password.
sub keyPasswordWindow
{
return "Next "if $nss;
my $message = <<EOT;
At this stage you can set the passphrase on your private key. If you
set the passphrase you will have to enter it every time the server
@ -737,10 +742,9 @@ EOT
#
sub nssUtilCmd {
my ($debug, $cmd, $args, $msg) = @_;
my ($cmd, $args, $debug) = @_;
Newt::Suspend();
print STDOUT "$msg" if $msg;
print STDOUT "$cmd $args"."\n";
if ($debug) {
system("gdb $cmd");
@ -752,7 +756,7 @@ sub nssUtilCmd {
}
#
# make certificate using the database
# make a certificate using the database
#
sub makeCertNSS
{
@ -779,8 +783,7 @@ sub makeCertNSS
$args .= "-d $modNssDbDir ";
$args .= "-o $certfile";
nssUtilCmd($debug, $cmd, $args,
"\nGenerating the cert\n\n");
nssUtilCmd($cmd, $args, $debug);
unlink($noisefile) unless $debug;
@ -812,13 +815,11 @@ sub genRequestNSS
$args .= "-k rsa ";
$args .= "-g $bits ";
$args .= "-f $pwdfile " if $pwdfile;
$args .= "-v $months ";
$args .= "-v $months ";
$args .= "-z $noisefile " if $noisefile;
$args .= "-o $csrfile ";
$args .= " > $csrfile ";
nssUtilCmd($debug, $cmd, $args,
"\nGenerating cert request (may take some time)\n\n");
nssUtilCmd($cmd, $args, $debug);
unlink($noisefile) unless $debug;
@ -831,8 +832,8 @@ sub genRequestNSS
}
}
# Generate a CA certificate file saving to private key to a file
# Do not leave keys or certs in the database, use keyutil instaed of certutil.
# Generate a CA certificate file.
# Use keyutil which supports exporting the key.
sub makeCertOpenSSL
{
my ($keyfile, $certfile, # output
@ -855,8 +856,7 @@ sub makeCertOpenSSL
$args .= "-o $certfile ";
$args .= "-k $keyfile";
nssUtilCmd($debug, $cmd, $args,
"\nPlease wait - generating the cert (this may take some time)\n\n");
nssUtilCmd($cmd, $args, $debug);
if (!-f $certfile) {
Newt::newtWinMessage("Error", "Close",
@ -883,8 +883,7 @@ sub makeCertOpenSSL
# Create a certificate-signing request file that can be submitted to a
# Certificate Authority (CA) for processing into a finished certificate.
# Do not use the nss database, use keyutil instead of certutil. Export
# the key if possible.
# Use keyutil which exports key.
sub genRequestOpenSSL
{
my ($keyfile,$csrfile, # output
@ -906,8 +905,7 @@ sub genRequestOpenSSL
# user wants the key in the clar
$args .= "-z $noisefile " if $noisefile;
nssUtilCmd($debug, $cmd, $args,
"\nPlease wait - generating the request (may take some time)\n\n");
nssUtilCmd($cmd, $args, $debug);
unlink($noisefile) unless $debug;
Newt::Resume();
@ -1125,8 +1123,7 @@ sub genReqWindow
return $ret unless ($ret eq "Next");
if ($nss) {
genRequestNSS($csrfile,
$subject, 730, $randfile, $tmpPasswordFile);
genRequestNSS($csrfile, $subject, 730, $randfile, "");
} else {
genRequestOpenSSL($keyfile, $csrfile,
$subject, 730, $randfile, $tmpPasswordFile);
@ -1139,7 +1136,7 @@ sub genReqWindow
if ($nss) {
makeCertNSS($certfile,
$subject, $cert_days, $nickname,
$randfile, $tmpPasswordFile);
$randfile, "");
} else {
makeCertOpenSSL($keyfile,$certfile,
$subject, $cert_days,
@ -1251,7 +1248,7 @@ sub genCertWindow
if ($nss) {
makeCertNSS($certfile, # output
$subject,$cert_days,$nickname,
$randfile,$tmpPasswordFile);
$randfile,"");
} else {
makeCertOpenSSL($keyfile,$certfile, # output
$subject,$cert_days,
@ -1279,7 +1276,7 @@ sub genCACertWindow
if ($nss) {
makeCertNSS($certfile,$subject,730,$nickname,
$randfile,$tmpPasswordFile);
$randfile,"");
} else {
makeCertOpenSSL($keyfile,$certfile,$subject,730,
$randfile,$tmpPasswordFile);