In short, as I claim always, there is nothing good in PEM, because
you can't eat the cake and have it. You either have an un-encrypted
file, or you have an encrypted file - but with another program that
outputs this password. And you don't have to look for this program -
just look at the appropriate rc.d script...
A hacker can copy your key, no matter if it is encrypted or not; It
will just spend one more minute for him.
The only use for this PEM, is when it is transferred via non-secure
ways, for example when it is e-mailed, or stored in another computer.
Or may I miss anything?
--
Eli Marmor
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
