Handling keys & certificates.
2012/4/23, Martin Schreiber :
> On Monday 23 April 2012 10:34:20 Ivanko B wrote:
>> I still don't understand. Please be more verbose in future. openssl
>> stores
>> private key files in DER or PEM format where the key usually is
>> protected
>> by a symmetrical encr
On Monday 23 April 2012 10:34:20 Ivanko B wrote:
> I still don't understand. Please be more verbose in future. openssl stores
> private key files in DER or PEM format where the key usually is protected
> by a symmetrical encryption for example des3.
> =
> For instance, we have:
>
I still don't understand. Please be more verbose in future. openssl stores
private key files in DER or PEM format where the key usually is protected by
a symmetrical encryption for example des3.
=
For instance, we have:
- private key => DES3 password protected
- certificate => p
On Monday 23 April 2012 08:51:16 Ivanko B wrote:
> Local CA files etc files planned to be more secure ( additional
> encryption layer/pass ).
>
I still don't understand. Please be more verbose in future. openssl stores
private key files in DER or PEM format where the key usually is protected by
a
Local CA files etc files planned to be more secure ( additional
encryption layer/pass ).
2012/4/23, Martin Schreiber :
> On Sunday 22 April 2012 23:20:16 Ivanko B wrote:
>> AFAIK OpenSSL decrypts encrypted private keys directly into the internal
>> data structures without intermediate file.
>>
On Sunday 22 April 2012 23:20:16 Ivanko B wrote:
> AFAIK OpenSSL decrypts encrypted private keys directly into the internal
> data structures without intermediate file.
> =
> Sure, but not only private keys but some other SSL related files - for
> instance, local CA files, some sensitive dat
AFAIK OpenSSL decrypts encrypted private keys directly into the internal data
structures without intermediate file.
=
Sure, but not only private keys but some other SSL related files - for
instance, local CA files, some sensitive data in certificate files
etc.
2012/4/22, Martin Schreiber
On Sunday 22 April 2012 13:39:32 Ivanko B wrote:
> Because it'll decrypt them to plain files on file system (best is a
> temporary file ) so that they be used further by SSL services.
AFAIK OpenSSL decrypts encrypted private keys directly into the internal data
structures without intermediate file
Because it'll decrypt them to plain files on file system (best is a
temporary file ) so that they be used further by SSL services. The
idea is to decrypt not to real file system (where they can be easily
stolen by modern malware) but to pseudo (in-memory) files which can't
be read & passed to subpr
On Saturday 21 April 2012 21:52:11 Ivanko B wrote:
> It's best to decrypt keys etc sensitive session data to a temporary
> in-memory files.
> Say we have encrypted private keys, certificates etc but need to call
> OpenSSL (Stunnel) etc expecting the key be present by files. So, we'll
> have to decr
It's best to decrypt keys etc sensitive session data to a temporary
in-memory files.
Say we have encrypted private keys, certificates etc but need to call
OpenSSL (Stunnel) etc expecting the key be present by files. So, we'll
have to decrypt the files thus there'll be plain versions of them on
file
On Saturday 21 April 2012 19:05:48 Ivanko B wrote:
> me mean operating on decrypted private keys with software expecting
> them to be files (easy to steal ).
>
The encrypted key should be decrypted by OpenSSL which asks for the key-key, I
don't know. You probably should ask a security expert.
Mar
me mean operating on decrypted private keys with software expecting
them to be files (easy to steal ).
2012/4/21, Martin Schreiber :
> On Saturday 21 April 2012 17:06:18 Ivanko B wrote:
>> so that can be used as a way of passing password to OpenSSL.
>> Mainly needed to provide secure way of pass
On Saturday 21 April 2012 17:06:18 Ivanko B wrote:
> so that can be used as a way of passing password to OpenSSL.
> Mainly needed to provide secure way of passing private key after
> decrypting encrypted file presenting the key.
>
I don't understand, please explain. Maybe you should use asymmetric
so that can be used as a way of passing password to OpenSSL.
Mainly needed to provide secure way of passing private key after
decrypting encrypted file presenting the key.