Because it'll decrypt them to plain files on the file system (best is a
temporary file) so that they can be used further by SSL services. The
idea is to decrypt not to the real file system (where they can be easily
stolen by modern malware) but to pseudo (in-memory) files which can't
be read & passed to a subprocess (as files, since most SSL services
expect them to be files) but the application itself.


2012/4/22, Martin Schreiber <mse00...@gmail.com>:
> On Saturday 21 April 2012 21:52:11 Ivanko B wrote:
>> It's best to decrypt keys etc. sensitive session data to temporary
>> in-memory files.
>> Say we have encrypted private keys, certificates etc. but need to call
>> OpenSSL (Stunnel) etc. expecting the key to be present as files. So, we'll
>> have to decrypt the files, thus there'll be plain versions of them on
>> filesystem which is insecure...
>>
> Why don't you let OpenSSL decrypt the key files?
>
> Martin
>
> ------------------------------------------------------------------------------
> For Developers, A Lot Can Happen In A Second.
> Boundary is the first to Know...and Tell You.
> Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
> http://p.sf.net/sfu/Boundary-d2dvs2
> _______________________________________________
> mseide-msegui-talk mailing list
> mseide-msegui-talk@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mseide-msegui-talk
>
