From: M E A. <de...@gi...> - 2011-02-09 13:48:25
It is a pain that racoon only supports the format "plainrsa". As of recently the Debian packaging will include a contributed converter to and from PEM format, which eases the cooperation with OpenBSD systems and isakmpd/ipsecctl. I would like to suggest that also src/racoon/plainrsa-gen.c be expanded with such capability for conversions.

Included in this message is code that allows plainrsa-gen(8) to take public or private PEM-formatted RSA keys as input, and from those produce the same key in "plainrsa" format, instead of generating a new, random key. The same patch also mends some incomplete handling of the output file stream, in order to enhance security somewhat.

The parser of "plainrsa", as present in "src/racoon" is clearly not conceived for general use, so I gave up on the task of implementing the conversion code PLAINRSA-to-PEM. A project member should undertake this task, which ought to be manageable with the right knowledge. I can use my time in better ways.

Best regards,
Mats Erik Andersson, DM