On Mon, Sep 15, 2003, Andrew Stickland wrote:

> Hi,
>
> I've encountered a problem with "openssl rsautl" in that I need to use the
> sign function and submit the passphrase from another application.
>
> On Unix I could use an 'expect' but even that would be rather dirty and I'm
> not on Unix for this project. I could decrypt the private key to disk and
> use it but this has security implications. This has been raised before on
> this forum but I've not found a satisfactory answer.
>
> As a rusty C programmer I've had a look at the rsa.c code in \apps -
> couldn't the "app_passwd(bio_err, passargin, passargout, &passin, &passout)"
> functionality be added to rsautl and 'passin' handed to load_key()?
>
> As I said, I'm rusty so I may have overlooked obvious problems with this.
>
> I look forward to your responses.
>
Yes it could be done (I may look into it if I ever get any time...) there's a
minor complication in that you get an EVP_PKEY structure back from load_key()
which you have to extract the RSA structure from (checking first that it
really is an RSA key).

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
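
The thread asks for a way to hand the passphrase to `openssl rsautl -sign` from another program without decrypting the key to disk. The following is an added example, not code from these messages or from the OpenSSL project: it assumes an `openssl` binary whose `rsautl` accepts `-passin`, and the passphrase, file names and message are constructed for the demo.

```shell
#!/bin/sh
# Added example. The passphrase, file names and message are constructed.
# Assumes an openssl binary whose rsautl subcommand accepts -passin.

# make_demo_key DIR PASS: write a 2048-bit RSA key, AES-256 encrypted, to DIR/key.pem.
make_demo_key() {
    printf '%s\n' "$2" |
        openssl genrsa -aes256 -passout stdin -out "$1/key.pem" 2048 2>/dev/null
}

# sign_with_pass KEY IN OUT PASS: the caller writes the passphrase to openssl's
# stdin (printf is a builtin in bash and dash, so it never appears in any argv).
# The key stays encrypted on disk. Returns non-zero if the key cannot be loaded.
sign_with_pass() {
    printf '%s\n' "$4" |
        openssl rsautl -sign -inkey "$1" -passin stdin -in "$2" -out "$3" 2>/dev/null
}

# verify_sig KEY SIG PASS: print the data recovered from the signature.
verify_sig() {
    printf '%s\n' "$3" |
        openssl rsautl -verify -inkey "$1" -passin stdin -in "$2" 2>/dev/null
}

# demo: generate a key, sign a short message, recover it, clean up.
demo() {
    dir=$(mktemp -d) || return 1
    pass='constructed-demo-passphrase'
    printf 'constructed message' > "$dir/msg"
    make_demo_key "$dir" "$pass" &&
        sign_with_pass "$dir/key.pem" "$dir/msg" "$dir/sig" "$pass" &&
        verify_sig "$dir/key.pem" "$dir/sig" "$pass"
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo
```

The `-passin` argument also takes `env:VAR` and `file:path` sources; the `pass:` form puts the passphrase on the command line, where it can be visible to other local users in the process list.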