Hi -
I'm a security newbie, and I'm trying to find a solution to this problem: I have an applet that signs X data, but in order for that to occur I need at the passwords to the keystore and the private key used to sign. Before this applet is run, a 2-way SSL session will have been established. The client will authenticate with certificate authentication - which requires yet another password to unlock the private key. I'm assuming this process is controlled by the browser and will not be able to intercept with some code to cache the key or password somehow. Now - assuming that the client will use the same password for client authentication, for signing the data (password to unlock the private key), is it possible to circumvent the re-prompting of passwords by accessing the relevant data (i.e., the password or private key) to sign the data? Thanks in advance, Allen _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
