On 13/11/2013 14:06, Kaspar Brand wrote:
> 
> Taking a step back, however, I wonder what problem we're really solving
> with the support for encrypted private keys. SSLPassPhraseDialog and its
> three incarnations (builtin, pipe and exec) have been in mod_ssl ever
> since 2.0, sure, but what do they actually protect against? Are private
> keys for mod_ssl really still "typically encrypted", as the comment in
> ssl_engine_pphrase.c written in 1998 is telling us?
> 

I can vaguely recall that some of that code is designed to avoid the need to
enter the private key passphrase more than once by decrypting private keys once
and storing the unencrypted forms in serialised form.

Unfortunately it does this in an algorithm-specific way, which means the whole
lot needs updating every time a new algorithm arrives.

The strategy will also only work for file-based keys. If in future you want to
support a key in an HSM it may not even be possible to serialise it. The
"passphrase" may also be outside software control (for example entered into the
device via a pinpad).

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shen...@opensslfoundation.com
