On Mon, 23 Jul 2007 23:31:03 +0200 "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote:
> > Hi, this doesn't seem to be happening. Doesn't the client need a > > password to decrypt the private key or does the export create the > > private key in cleartext? I can use the key without ever giving a > > password in either Thunderbird or Outlook. > > > > It depends on what commands you use. The 'pkcs12' utility prompts for > an export password for this purpose. > > > > > > > Once the key is decrypted and stored internally the client will > > > use its own technique when deciding if and when to use a password > > > to protect the key. > > > > That would be fine but I'm not getting that far. I suspect I'm > > missing an option when I create the pkcs12 file with the private > > key or I did something else wrong. How do I find out what I did > > wrong in exporting the pkcs12 file? I'll be thankful for any > > suggestions where to look. Thanks again. > > > > It will ask you for the password only once the very first time the > PKCS#12 file is imported. After that it is down to facilities of the > program itself to decide what (if any) password to prompt for. > > Steve. Thanks very much, I'm starting to understand this. One last question: what's the difference between the export password and the password that the system asks for when creating a key for which -des3 was specified? Why doesn't the export just inherit/use the key encryption password? This is confusing! Thank you for your help and explanations. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]