>SSLpassphrasefile is:
>
>#!/bin/sh
>echo (passphrase)

Write a program in C.
First thing to check is to make sure that stdout is not a tty.
There are various things you can do to make it harder and harder for a 
hacker to steal your key. But if the hacker has root on your machine, 
there's really nothing you can do; they could set up a grabber to steal the 
encryption passphrase, so nothing is really secure.
Don't store the passphrase in plain text in the C program; write a function 
similar to memfrob() that XORs each character in the string with a number 
you pick, then store the encrypted version in the C source.
The key thing to check is what UID the program is running as. If you're 
root, go ahead and put the passphrase on stdout; otherwise return a bogus 
value, or nothing, or send an email, or whatever.

J

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
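
The helper described in the message above, as an added example that is not part of the original post or of mod_ssl: it writes the passphrase to stdout only when the effective UID is 0 and stdout is not a terminal, and keeps the passphrase XOR-masked in the source. XOR_KEY, the masked bytes (constructed from the placeholder "changeme") and the function names are assumptions; the XOR mask only hides the string from a casual look at the binary and is not encryption.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define XOR_KEY 0x5A /* assumption: the "number you pick" */

/* Constructed sample: the placeholder "changeme" with each byte XORed with XOR_KEY. */
static const unsigned char OBFUSCATED[] = {
    0x39, 0x32, 0x3B, 0x34, 0x3D, 0x3F, 0x37, 0x3F
};

/* memfrob()-style mask: XOR is its own inverse, so this both hides and reveals. */
static void xor_buf(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] ^= XOR_KEY;
}

/* Policy from the message: release only to root, and never to a terminal. */
static int may_emit(uid_t euid, int stdout_is_tty)
{
    return euid == 0 && !stdout_is_tty;
}

/* Unmask into out; returns the passphrase length, or 0 if out is too small. */
static size_t decode_passphrase(char *out, size_t outsz)
{
    size_t n = sizeof OBFUSCATED;
    if (outsz < n + 1)
        return 0;
    memcpy(out, OBFUSCATED, n);
    xor_buf((unsigned char *)out, n);
    out[n] = '\0';
    return n;
}

int main(void)
{
    char pass[sizeof OBFUSCATED + 1];

    /* Wrong caller or interactive stdout: print nothing and exit non-zero. */
    if (!may_emit(geteuid(), isatty(STDOUT_FILENO)))
        return 1;
    if (decode_passphrase(pass, sizeof pass) == 0)
        return 1;
    puts(pass);
    return 0;
}
```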
