Hi Stephen,

I agree about not preserving undocumented features. I couldn't find any place where the API usage is well documented, so thought if stdin is allowed by the API it is probably ok to use. I will change my usage to use a file instead of both the key and passphrase using stdin.

However, if what I want is to just decrypt the key using a passphrase and if I am running this on the system (so stdin is secure), is that a valid use to pass both on the same stream? Also, how do I know what usage is correct? Can I pass the key in file and passphrase on stdin?

thanks
kapil
Stephen Henson via RT <[EMAIL PROTECTED]> wrote:

If we had to preserve the behaviour of every undocumented feature of OpenSSL we'd never be able to change anything.

Among other things this has a dependency on the way the PEM routines work. Currently they buffer the whole lot in memory and request the passphrase afterwards. A more efficient way would be to read in the headers, request the passphrase at that point, then decrypt the rest on the fly.

What are you trying to do? There may be a portable way to do it.

I'm not really sure what the purpose of placing a private key and its passphrase on the same stream is. If the stream is secure you might as well send the unencrypted private key. If it is not secure then an attacker could just as easily obtain the private key and passphrase.

Steve.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
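
The arrangement asked about at the end of the thread (key in a file, passphrase on stdin) can be shown with the `openssl` command-line tool's documented `stdin` pass phrase source. This is an added example, not code from the thread or from the OpenSSL project. It assumes the `openssl` CLI is installed (the thread does not say which interface was in use); the function names and passphrases are constructed for the demo.

```shell
#!/bin/sh
# Added example: the key lives in a file, the passphrase arrives on stdin via
# openssl's "-pass stdin" / "-passin stdin". All values here are constructed.
umask 077   # key files are readable by the owner only

# make_encrypted_key FILE: write a new AES-encrypted PEM private key to FILE.
# The passphrase is the first line of stdin, so it never appears in argv.
make_encrypted_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass stdin -out "$1" 2>/dev/null
}

# decrypt_key IN OUT: read the encrypted key from file IN and the passphrase
# from stdin, write the unencrypted key to OUT. Non-zero exit on a bad passphrase.
decrypt_key() {
    openssl pkey -in "$1" -passin stdin -out "$2" 2>/dev/null
}

# pem_label FILE: print the label of the first "-----BEGIN ...-----" line.
pem_label() {
    sed -n '1s/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    pass='constructed-demo-passphrase'   # constructed sample value
    printf '%s\n' "$pass" | make_encrypted_key "$dir/enc.pem" || return 1
    printf '%s\n' "$pass" | decrypt_key "$dir/enc.pem" "$dir/plain.pem" || return 1
    echo "input:  $(pem_label "$dir/enc.pem")"
    echo "output: $(pem_label "$dir/plain.pem")"
    # A wrong passphrase must fail rather than yield a key.
    if printf 'wrong\n' | decrypt_key "$dir/enc.pem" "$dir/bad.pem"; then
        echo "unexpected: wrong passphrase accepted"
    else
        echo "wrong passphrase rejected"
    fi
    rm -rf "$dir"
}

demo
```

Because the key and the passphrase travel on separate channels, this does not depend on when the PEM routines choose to ask for the passphrase.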