Tilghman has posted a question asking whether people actually use the encrypted RSA keys in Asterisk:
We're considering some renovations to the res_crypto module, and we're coming across the fact that OpenSSL does encryption of RSA private keys in a very wacky way, that we're unable to reproduce in non-OpenSSL code. However, it is the case that initializing the keys by typing in passphrases at every restart of Asterisk is very manually-oriented, certainly not something most people would want to depend upon (especially if you're running a GUI or the safe_asterisk shell script).
So we're wondering... how many people are actually using encrypted private RSA keys? Anybody? If the ability to encrypt the keys went away in a future version, how concerned would you be? The security paranoid are probably using encrypted filesystems anyway, so the lack of an additional encryption layer around private keys stored on that filesystem shouldn't be a big deal.
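To answer that question for your own key files, the following added example (not part of the quoted post and not Asterisk code) classifies PEM private keys as passphrase-encrypted or plaintext from their PEM labels and headers. The function name and the sample key blocks are constructed for illustration; the base64 bodies are placeholders, not real keys.

```python
import re

# Private-key PEM labels: traditional RSA, PKCS#8 plaintext, PKCS#8 encrypted.
_BEGIN = re.compile(r"^-----BEGIN ((?:RSA |ENCRYPTED )?PRIVATE KEY)-----$")

def classify_pem_key(text):
    """Return [(label, state, cipher)] for every private-key block in text.

    state is "encrypted" or "plaintext". cipher is the DEK-Info algorithm for
    traditional OpenSSL PEM encryption, "PKCS#8" for an encrypted PKCS#8
    container (its cipher is inside the ASN.1, not decoded here), else None.
    """
    results, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        m = _BEGIN.match(lines[i].strip())
        i += 1
        if not m:
            continue
        label, headers = m.group(1), {}
        # "Name: value" headers may follow the BEGIN line; base64 never has ':'.
        while i < len(lines) and ":" in lines[i]:
            name, _, value = lines[i].partition(":")
            headers[name.strip().lower()] = value.strip()
            i += 1
        proc_type = headers.get("proc-type", "").replace(" ", "").upper()
        if label == "ENCRYPTED PRIVATE KEY":
            results.append((label, "encrypted", "PKCS#8"))
        elif proc_type == "4,ENCRYPTED":
            cipher = headers.get("dek-info", "").split(",")[0] or None
            results.append((label, "encrypted", cipher))
        else:
            results.append((label, "plaintext", None))
    return results

# Constructed samples (placeholder bodies, constructed IV).
TRADITIONAL_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

AAAA
-----END RSA PRIVATE KEY-----
"""
PKCS8_ENCRYPTED = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n"
PLAINTEXT = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for sample in (TRADITIONAL_ENCRYPTED, PKCS8_ENCRYPTED, PLAINTEXT):
        print(classify_pem_key(sample))
```

A key reported as plaintext is protected only by file permissions and whatever filesystem encryption sits underneath it.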