[Nfd-dev] Moving certs around
Alex Afanasyev
aa at CS.UCLA.EDU
Sun Sep 11 20:02:27 PDT 2016
> On Sep 11, 2016, at 7:13 PM, Burke, Jeff <jburke at remap.UCLA.EDU> wrote:
>
> Hi Junxiao,
>
> Thanks for the quick reply. Yes, I prefer not to copy them but am having the issues with autopropagation of a subprefix mentioned in my other recent email, and also occasionally need to move certs around to debug things.
>
> Also, thanks for the explanation of ndnsec and reminder about the ndnsec-* way of invoking them. I realize that I have been using ndnsec rather than ndnsec-* so the command-line options weren’t obviously available. (Added a low-priority issue #3777 about this.) I’ll look there first or in the docs, next time.
We should definitely add more help text, however ndnsec-* tools are simple wrappers for ndnsec tool. If you run ndnsec <command> -h (or ndnsec <command> --help) it will list the command-line options, as it would be equivalent to ndnsec-<command> -h.
--
Alex
>
> Best,
> Jeff
>
>> From: Junxiao Shi <shijunxiao at email.arizona.edu>
>> Date: Sunday, September 11, 2016 at 6:06 PM
>> To: Jeff Burke <jburke at remap.ucla.edu>
>> Cc: "nfd-dev at lists.cs.ucla.edu" <nfd-dev at lists.cs.ucla.edu>
>> Subject: Re: [Nfd-dev] Moving certs around
>>
>> Hi Jeff
>>
>> It's not recommended to copy private keys across machines. The best practice is to request a different certificate for each machine.
>>
>> With that being said, ndnsec-export can write a key pair (certificate and private key) into a file protected by a password. This file can then be copied to another machine, and installed via ndnsec-import command. These commands must be called with "-p" option (to include private key); they are useless otherwise (returns an error).
>> An example of using these commands is in https://yoursunny.com/t/2016/nfd-prefix/ "where's the key chain" section. "sudo HOME=/var/lib/ndn/nfd -u ndn" portion is used to select PPA NFD's key chain, and you should omit this part if you are dealing with user's key chain.
>>
>> Yours, Junxiao
>>
>> On Sun, Sep 11, 2016 at 12:50 PM, Burke, Jeff <jburke at remap.ucla.edu> wrote:
>>> Hi folks,
>>>
>>> Are there any instructions around on the best/easiest way to move or copy NDN certs (including the private key) from system to system, especially from MacOS to/from tpm-based stores? (I have a sort of painful method worked out, but was hoping for something easier.)
>>>
>>> Thanks,
>>> Jeff
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20160911/b3a3537e/attachment.bin>
More information about the Nfd-dev
mailing list