On 13.11.2013 15:28, Dr Stephen Henson wrote:
> I can vaguely recall that some of that code is designed to avoid the need to
> enter the private key passphrase more than once by decrypting private keys once
> and storing the unencrypted forms in serialised form.

True, it allows one to SIGHUP/SIGUSR1 httpd without having to reenter a
passphrase. But my point is a different one, actually: why do we want to
enable users to protect file-based keys with a pass phrase in the first
place? As the article on the Symantec (formerly Securityfocus) site
says: "It is not only inconvenient, but also gives a false sense of
security."

> Unfortunately it does this in an algorithm specific way which means the whole
> lot needs updating every time a new algorithm arrives.

That's something we can solve. My current version of
ssl_pphrase_Handle() allows configuring as many keys/certs as you see
fit (well, it then turns into an OpenSSL issue as you can only have one
ECDSA cert e.g., IINM).

> The strategy will also only work for file based keys. If in future you want to
> support a key in an HSM it may not be even possible to serialise it. The
> "passphrase" may also be outside software control (for example entered into the
> device via a pinpad).

Correct. I doubt that we would want to add any HSM key activation dance
stuff into mod_ssl, this is way too vendor specific. PKCS#11 would be
the most sensible thing here, I think, but even in this case, I wonder
what benefit passphrase-protected, HSM-based keys would have.

Kaspar
