Thank you for sharing your knowledge Slav :)
Eric,
There's just one more thing: the non-exportable certificates can in fact be exported, because the OS mechanisms that prevent the export aren't a security
boundary (unless the cert is in specialised hardware storage like HSM or smart card)
http://www.isecpartners.com/jailbreak.html
s.
Eric wrote:Thank you for sharing your knowledge Slav :)
ce containing the PFX file to install the key to the servers that need it >>> (making sure not to mark the private keys as exportable when importing >>> onto the server), and finally storing the device in a locked safe, where >>> it remains
Thanks Alun for those nice advices ! =))
--
Eric
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 490 |
Nodes: | 16 (3 / 13) |
Uptime: | 57:48:19 |
Calls: | 9,675 |
Calls today: | 6 |
Files: | 13,719 |
Messages: | 6,171,250 |