On 6/7/05, Michael Bell <[EMAIL PROTECTED]> wrote:

> If you want a clean solution then you must edit
> src/modules/openca-crypto/Token/OpenSSL.pm too. The fix is simple:

Thanks for the reply! The patch to the OpenSSL.pm module is very
useful, because now I've made a workaround for my CMS interface:

my @passwords = ("superdifficultpassword");
                
$ca_token->{PASSWD} = join ( "", @passwords );
$ca_token->{OPENSSL}->{PASSWD} = $ca_token->{PASSWD};
$ca_token->{ONLINE} = 1;

 but this is obviously a very ugly workaround :-)

 I'll use your version of OpenSSL.pm!

> You must have a source for the passphrase of course.

 I can put this password in the configuration file of my new CMS
"interface" (when I finish this I intend to share the code with you, I
think it can be useful to all). But another question: can I put a
hash of the password in the config and pass this hash to the token login?
This is a CA password, it's not so secure to put it in clear :-P

> If you use a HSM like LunaCA for example then you can activate the
> device and simply use it but the operational questions for LunaCA
> devices are not my main interest. Bahaa, Chris and Martin are the guys
> who really use HSMs.

 Great, I'll ask some more questions when I configure the HSM in the
system. I think there are only some adjustments to the code in order to
make the token login on the HSM automatic instead of using the
password.

-- 
Diego de Felice


_______________________________________________
OpenCA-Devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-devel
