On Wed, 25 Jul 2007 06:19:53 -0700
"David Schwartz" <[EMAIL PROTECTED]> wrote:

> 
> > Thanks very much, I'm starting to understand this. One last
> > question: what's the difference between the export password and the
> > password that the system asks for when creating a key for which
> > -des3 was specified? Why doesn't the export just inherit/use the
> > key encryption password? This is confusing!
> 
> There is no reason you couldn't enter the same password for both
> purposes. Generally, it's considered bad form for crypto applications
> to keep passwords that protect keys around after you've entered them,
> so instead they are generally coded to prompt you each time they plan
> to use a password for something. This ensures that any operation
> using the password is only approved by someone who knows the password.
> 
> The logical process is generally that you generate a key, which you
> have to store somehow, and then get a certificate later. Once you have
> the certificate, it's convenient to bundle the certificate and key
> together and use that unit. So it just follows the logical flow of
> the certificate issuing and packaging process.

Thank you very much again for the help and explanations.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
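
The flow described in the quoted reply (generate an encrypted key, get a certificate, bundle the two), as an added example that is not part of the original thread. The passphrases, subject name and file names are constructed, and the certificate is self-signed so the commands run offline.

```shell
#!/bin/sh
# Added example. Passphrases, subject and file names are constructed.
# Requires the openssl command-line tool.

# Returns 0 only if the PKCS#12 bundle opens with the export password
# and is rejected when given the key passphrase instead.
demo_two_passwords() {
    # Passed via env: so the secrets do not appear in the process list.
    KEY_PASS='constructed-key-passphrase'       # protects key.pem (-des3)
    EXPORT_PASS='constructed-export-password'   # protects bundle.p12
    export KEY_PASS EXPORT_PASS
    dir=$(mktemp -d) || return 1
    rc=1

    # 1. Generate the key; -des3 encrypts it on disk under KEY_PASS.
    # 2. Get a certificate (self-signed here, normally issued by a CA).
    # 3. Bundle both: -passin unlocks the key, -passout is the export
    #    password that protects the new .p12 file.
    # 4. Check that the bundle opens with the export password.
    # 5. Check that the key passphrase does NOT open the bundle.
    if openssl genrsa -des3 -passout env:KEY_PASS \
            -out "$dir/key.pem" 2048 2>/dev/null &&
       openssl req -new -x509 -key "$dir/key.pem" -passin env:KEY_PASS \
            -subj "/CN=example.test" -days 1 \
            -out "$dir/cert.pem" 2>/dev/null &&
       openssl pkcs12 -export -inkey "$dir/key.pem" -passin env:KEY_PASS \
            -in "$dir/cert.pem" -passout env:EXPORT_PASS \
            -out "$dir/bundle.p12" 2>/dev/null &&
       openssl pkcs12 -in "$dir/bundle.p12" -passin env:EXPORT_PASS \
            -noout 2>/dev/null &&
       ! openssl pkcs12 -in "$dir/bundle.p12" -passin env:KEY_PASS \
            -noout 2>/dev/null
    then
        rc=0
    fi
    rm -rf "$dir"
    return $rc
}

demo_two_passwords && echo "bundle opens only with the export password"
```

Entering the same value for both prompts also works, as the reply says; the two are still checked independently, one against the PEM key file and one against the PKCS#12 file.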
