Jan Meijer wrote:
>
> > A hacker can copy your key, no matter if it is encrypted or not; It
> > will just spend one more minute for him.
>
> Perhaps I'm missing something here, but if your key is encrypted and the
> only way to decrypt it is to actally enter the passphrase manually (e.g. no
> automatic start-up) the hacker can steal all he wants, but needs to trojan
> some things as well to actually get to your key (unless of course you
> encrypted it with 40 bits des, but only someone in the wrong country would
> do that).
Yes, you are missing something. The message before mine, to be more
specific. A subscriber asked how to run Apache automatically (probably
from his rc.d or init.d scripts), and was answered that he should
write a program to supply this password to Apache. So I responded with
my message, that having such a program makes PEM encryption useless.
--
Eli Marmor
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
