On Sun, Jul 31, 2011 at 11:17 AM, Anand Shankar <[email protected]> wrote: > What appears to be strange is that they are asking to upload the DSC > through a .pfx file or the usb token. > If u see the standards .pfx file is a pkcs12 file which contains the > public key as well as the private key!! > Am i wrong that innocent guys must have uploaded their private keys to > the income tax department? > > I wish to stand corrected. >
Just took a closer look at http://hcpldsc.com/IT%20returns%20pdf/IT%20Return%20Without%20E-Token.pdf and it looks like although the private key is uploaded it still asks for its passphrase ( shown with password dialog in pdf ) So, unless your private key isn't passphrase protected, you're really giving it away. I am still not comfortable to see that our key goes on that site; unless they are flushing out all keys after filing / like 24 hours. Any ideas anyone? Hoping all DSC's, when created are passphrase protected ( I see a password written on my USB token :D ) and I'm sure everyone in my CA's office knows my token password. FacePunch :X -- Srikrishna Das (krish at irc.freenode.net) _______________________________________________ Ilugd mailing list [email protected] http://frodo.hserus.net/mailman/listinfo/ilugd
