Forum Discussion
NiHo_202842
Cirrostratus
CirrostratusPrivate key password location?
Hello,
I am currently looking at the option to store our private keys encrypted on the bigip.
But for this to be beneficial of any kind, I would need to know how and where the bigip stores the p...
It's stored in LTM config.
Check the BigIP conf backup file
. Search for the relevant private key or ssl profile object. The password/passphrase itself should be visible as MD5-salt hash./config/bigip.confIf you initially encrypted your private keys on BigIP appliance, it's recommended to eliminate bash history since the commands you executed (incl. the password itself) will be in plain-text. You can delete bash history by issuing command
.rm ~/.bash_history
Hannes_Rapp_162
Nacreous
NacreousIt's stored in LTM config.
Check the BigIP conf backup file
/config/bigip.confIf you initially encrypted your private keys on BigIP appliance, it's recommended to eliminate bash history since the commands you executed (incl. the password itself) will be in plain-text. You can delete bash history by issuing command
rm ~/.bash_history
NiHo_202842Thank you for your answer @Hannes Rapp. Is the salt derived from the master key, generated on the device at boot?- Hannes_Rapp_162I think it's a static hash and only generated once, just as you save the related config object. I could be wrong here, but my test hash stayed the same after reboot. This format does not seem to be vulnerable to public MD5 crackers as simple dictionary words like "hi" and "hello" returned no result.