You can generate a passphrase for an object in a keystore, and for the keystore itself. The passphrase is required to access the object or keystore. For an example of generating a passphrase for an object in a keystore, see Example 15–4.
Generate a passphrase for access to a keystore.
% pktool setpin keystore=nss|pkcs11 dir=directory |
Answer the prompts.
If the keystore does not have a password already set, press the Return key to create the password.
Enter current token passphrase:Press the Return key Create new passphrase:Type the passphrase that you want to use Re-enter new passphrase:Retype the passphrase Passphrase changed. |
The keystore is now protected by passphrase. If you lose the passphrase, you lose access to the objects in the keystore.
The following example shows how to set the passphrase for an NSS database. Because no passphrase has been created, the user presses the Return key at the first prompt.
% pktool setpin keystore=nss dir=/var/nss Enter current token passphrase:Press the Return key Create new passphrase: has8n0NdaH Re-enter new passphrase: has8n0NdaH Passphrase changed. |