Diego de Felice wrote:

 I can put this password in the configuration file of my new CMS
"interface" (when I finish this I intend to share the code with you, I
think it can be useful to all). But another question, can I put a
hash of the password in config and pass this hash to the token login?
This is a CA password, it's not so secure to put it in clear :-P

A hash/digest is a one-way function. This means that there should be no way to construct the original from the digest. So you need the passphrase somewhere.

A better trick would be to ask for the passphrase during the server startup on the command line and then store the passphrase in a global variable of the server. It is not really secure but much better than storing it in a config file.

 Great, I'll ask some more questions when I configure the HSM in the
system. I think there are only some adjustments to the code in order to
make the token login on the HSM automatic instead of using the
password.

If you use an HSM in an online CA then you simply log in to the HSM and never log out (at minimum on a LunaCA/SA).

Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________
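
The two points in the reply above (a stored digest cannot be used to log in to the token, and the passphrase can be prompted for once at startup and kept only in process memory) as an added example; this is not code from the thread or from the CA software. DemoToken, config_digest, load_passphrase, token_login and the sample passphrase are constructed for illustration.

```python
import getpass
import hashlib
import hmac
import os
import sys

class DemoToken:
    """Constructed stand-in for a CA token: it unlocks only with the real passphrase."""
    def __init__(self, passphrase):
        self._salt = os.urandom(16)
        self._verifier = self._derive(passphrase)

    def _derive(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 200_000)

    def login(self, secret):
        return hmac.compare_digest(self._derive(secret), self._verifier)

def config_digest(passphrase):
    """What the question proposes to keep in the config file: a one-way digest."""
    return hashlib.sha256(passphrase.encode()).hexdigest()

_passphrase = None  # process-global; lives in memory only, never written to disk

def load_passphrase(prompt=getpass.getpass, is_tty=lambda: sys.stdin.isatty()):
    """Ask once at server startup; refuse to start without an operator at a terminal."""
    global _passphrase
    if not is_tty():
        raise RuntimeError("no terminal attached: start the server interactively")
    value = prompt("CA token passphrase: ")
    if not value:
        raise ValueError("empty passphrase")
    _passphrase = value

def token_login(token):
    """Log in to the token with the passphrase captured at startup."""
    if _passphrase is None:
        raise RuntimeError("passphrase not loaded; call load_passphrase() first")
    return token.login(_passphrase)

if __name__ == "__main__":
    token = DemoToken("constructed-demo-passphrase")
    print("login with stored digest:", token.login(config_digest("constructed-demo-passphrase")))
    load_passphrase()  # type constructed-demo-passphrase at the prompt
    print("login with prompted passphrase:", token_login(token))
```

The passphrase is still readable by anything that can inspect the server process, which is the "not really secure" part of the advice; what the prompt removes is the copy on disk.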
