Re: [opencryptoki-users] Hi~ guys ~ I have a question about opencryptoki
Brought to you by:
ebarretto
From: Klaus H. K. <kl...@li...> - 2009-09-09 11:19:47
|
On 09/08/2009 10:53 PM, mark.wen wrote: > Hi~ Klaus > Thanks your reply . You mean the file (PRIVATE_ROOT_KEY.pem , > PUBLIC_ROOT_KEY.pem) will produce automatically after executing > tpmtoken_init. Am I right ? Yes. tpmtoken_init should create the files under <prefix>/var/lib/opencryptoki/tpm/$USER. Those keys are only there for migration purposes (so you could migrate this directory to another system and still use the PKCS#11 datastore). You *can* move them to a safer storage in case you want to avoid brute force attacks against those keys. Please refer to http://trousers.sourceforge.net/pkcs11.html for more info. -Klaus -- Klaus Heinrich Kiwi | kl...@br... | http://blog.klauskiwi.com Open Source Security blog : http://www.ratliff.net/blog IBM Linux Technology Center : http://www.ibm.com/linux/ltc |