Thank you for sharing your knowledge Slav :)
Eric,
There's just one more thing: the non-exportable certificates can in fact be exported, because the OS mechanisms that prevent the export aren't a security
boundary (unless the cert is in specialised hardware storage like HSM or smart card)
http://www.isecpartners.com/jailbreak.html
s.
Eric wrote:Thank you for sharing your knowledge Slav :)
ce containing the PFX file to install the key to the servers that need it >>> (making sure not to mark the private keys as exportable when importing >>> onto the server), and finally storing the device in a locked safe, where >>> it remains
Thanks Alun for those nice advices ! =))
--
Eric
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 493 |
Nodes: | 16 (2 / 14) |
Uptime: | 05:28:03 |
Calls: | 9,709 |
Calls today: | 4 |
Files: | 13,740 |
Messages: | 6,181,034 |