Re: Certificate Handling

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate Handling

From:	Werner Koch
Subject:	Re: Certificate Handling
Date:	Fri, 7 Jul 2000 18:47:52 +0200
User-agent:	Mutt/1.1.8i

Hello,

On Fri, 7 Jul 2000, Tarun Upadhyay wrote:

> a) What kind of coding for certificates should be supported. I plan to
> support PEM immediately. Is DER also essential?
> b) How should a private key protected? How should its access authenticated
> without prompting for a password?

Please have a look at OpenSSL and see how they do it.  For server
applications it does not make much sense to store the secret key
encrypted unless you want to have an operator to enter that passpharse
on every startup.  The best solution would be a hardware token, used
to store and process the secret key.  I am currently looking at such
things.

  Werner

-- 
Werner Koch                             OpenPGP key 621CC013
OpenIT GmbH                             tel +49 211 239577-0
Birkenstr. 12                           email   address@hidden
D-40233 Duesseldorf                     http://www.OpenIT.de

[Prev in Thread]

Current Thread

[Next in Thread]

Certificate Handling, Tarun Upadhyay, 2000/07/07
- Re: Certificate Handling, Werner Koch <=

Prev by Date: Certificate Handling
Previous by thread: Certificate Handling
Index(es):
- Date
- Thread