--On 22 May 2007 7:01:55 PM -0300 Arturo 'Buanzo' Busleiman
<[EMAIL PROTECTED]> wrote:
| Guys, for mod_auth_openpgp (the OpenPGP support module for Apache I'm
| working on) to support encryption and signing (so far it only has
| verification), I need to provide GnuPG the passphrase to unlock a
| private key.
|
| It's the classic SSL passphrase issue all admins work around by using a
| passwordless certificate, so I really am looking forward to some
| community feedback here.
|
| I've published this "call for ideas" on a couple of mailing lists, and
| on my site, but some help from Apache developers would definitely be a
| GREAT idea.
For our https servers, we wrote a script compatible with the
SSLPassPhraseDialog of Apache 2 that retrieves the passphrase from a
central repository. This doesn't really increase the security of the
passphrase or the cert, but it makes the retrievals somewhat auditable.
-Benn-
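
An added example of a helper of the kind this reply describes, not the poster's own script: it follows the `SSLPassPhraseDialog exec:` convention (Apache passes `servername:port` and the key type as arguments and reads the passphrase from stdout) and writes one audit record per retrieval. The names `PP_STORE`, `PP_AUDIT`, `audit` and `fetch_passphrase`, the paths, and the local directory standing in for the central repository are assumptions.

```shell
#!/bin/sh
# Added example: helper for  SSLPassPhraseDialog exec:/usr/local/sbin/pp-helper
# Apache runs it with $1 = "servername:port" and $2 = key type (e.g. RSA)
# and reads the passphrase from stdout.
# Assumptions: PP_STORE is a local directory standing in for the central
# repository (one file per "servername:port"); PP_AUDIT is the audit log.
PP_STORE="${PP_STORE:-/etc/httpd/pp-store}"
PP_AUDIT="${PP_AUDIT:-/var/log/httpd/pp-audit.log}"

# Append one audit record; the passphrase itself is never written here.
audit() {
    printf '%s result=%s vhost=%s keytype=%s uid=%s ppid=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$2" "$3" "$(id -u)" "$PPID" \
        >> "$PP_AUDIT"
}

# Print the passphrase for vhost $1 (key type $2) on stdout, or fail closed.
fetch_passphrase() {
    vhost=$1
    keytype=${2:-unknown}
    # Accept only hostname characters and ':' so the argument cannot select
    # a file outside PP_STORE; the raw value is not copied into the log.
    case "$vhost" in
        ''|.*|*[!A-Za-z0-9.:_-]*)
            audit REJECTED invalid invalid
            return 2 ;;
    esac
    case "$keytype" in
        *[!A-Za-z0-9]*) keytype=invalid ;;
    esac
    if [ -r "$PP_STORE/$vhost" ]; then
        # No audit record, no passphrase.
        audit OK "$vhost" "$keytype" || return 3
        head -n 1 "$PP_STORE/$vhost"
    else
        audit NOTFOUND "$vhost" "$keytype"
        return 1
    fi
}

# Act as the helper only when Apache passes arguments.
if [ "$#" -gt 0 ]; then
    fetch_passphrase "$1" "${2:-}"
fi
```
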