On Tuesday, 23 February 2010 10:34:33, Nick Sayer wrote:
> On Feb 23, 2010, at 1:18 AM, Andreas Jellinghaus wrote:
> > I verified your email, and the situation is exactly as you said.
> > except your interpretation is wrong.
> >
> > the "rsa" command you posted, will print three things:
> > * Modulus
> > * Exponent
> > * "RSA PRIVATE KEY"
> >
> > Modulus and Exponent are the information that is in public keys.
> > So that is perfectly fine. None of the information available in
> > private keys was posted, as openssl can't get that.
> 
> Huh. If you use openssl rsa with -pubout, you get a *different* blob of
>  stuff, though it could simply differ in some insignificant way.

with -pubout you get a real public rsa key in pem format.

your command resulted in the same amount of data, and it is most likely
a pem file with the same content, except some wrong flags and wrong
header etc.

so there is no security issue with musclecard.
but openssl could need some extra code for checks etc. as it currently
confuses users and creates broken/invalid files.

> > by the way: running an SSL server with the key on the smart card is
> > probably not such a good idea - smart cards can do about one signature
> > a second (if the card is fast). You might need much more than that.
> 
> Well, it's just my home machine. Mostly the SSL stuff is imap, where the
>  connections are relatively long lived.
> 
> If I were going to do this for some sort of production environment, I'd
>  probably use a real crypto token that had sufficient throughput.
> 
> I suppose the desirability of stealing the private key for the SSL cert on
>  my home box is also relatively low... But I just don't like the idea of it
>  sitting on the hard disk where anyone who can root the box can read it.

Then good luck!

Regards, Andreas
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
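
Added example, not part of the original message or of any project's code: a check for whether a PEM file labelled "RSA PRIVATE KEY" actually carries private components, or only the modulus and exponent as discussed in the thread. The toy key values are constructed, and encoding the absent private fields as zero integers is an assumption about what such a file looks like, not something confirmed for openssl's output.

```python
import base64

# PKCS#1 RSAPrivateKey field order; everything after n and e is private material.
FIELDS = ["version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv"]
PRIVATE = FIELDS[3:]

# Constructed samples: a toy key (p=61, q=53) and the same key with only n and e set.
FULL_KEY = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]
PUBLIC_ONLY = [0, 3233, 17, 0, 0, 0, 0, 0, 0]

def _der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def build_pem(values):
    """Encode integers as a PEM block with the RSA PRIVATE KEY header (sample builder)."""
    body = b""
    for v in values:
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
        body += b"\x02" + _der_len(len(raw)) + raw
    der = b"\x30" + _der_len(len(body)) + body
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(der).decode()
            + "-----END RSA PRIVATE KEY-----\n")

def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long-form length
        count = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def private_fields_present(pem):
    """Names of the private components that hold a non-zero value."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    tag, seq, _ = _read_tlv(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    values, pos = [], 0
    while pos < len(seq):
        tag, content, pos = _read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(content, "big"))
    if len(values) != len(FIELDS):
        raise ValueError("not a two-prime PKCS#1 RSAPrivateKey")
    return [name for name, v in zip(FIELDS, values) if name in PRIVATE and v]
```

An empty result means the file holds nothing beyond what a public key contains, whatever its header says.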