Two realistic options:

A) Use the "-passin" option to the openssl tool; this can be used to
specify that the password should be read from a pipe, whose output
comes from a program that obtains it in some secure way and which
is only willing to output it under the right circumstances.
I don't remember if PHP has the ability to write to a pipe without first
putting the data (password) on a command line, in a file or some other
insecure location.

B) Put the CA private key on a different (virtual) computer, where the
openssl command can be run in a more protected environment than
an open web server, then let it accept specific non-HTTP commands
from the web server.

On 11/29/2011 10:43 AM, Peter wrote:
I know. That's why I'm looking for a way where I can provide it in
some way other than needing to interact with the system.

2011/11/29 Curt Sampson <c...@cynic.net>

On 2011-11-29 04:15 +0100 (Tue), Peter wrote:
> It generally works, but after the command above is sent, I have to type in
> pass phrase manually. I need it to be done automatically.

I believe you can just remove the passphrase from the key file. This of
course has the obvious security implications.

cjs
--
Curt Sampson <c...@cynic.net> +81 90 7737 2974
http://www.starling-software.com/
I have always wished for my computer to be as easy to use as my telephone;
my wish has come true because I can no longer figure out how to use my
telephone. --Bjarne Stroustrup
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
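
Option A from the reply above, as an added example that is not from any participant in the thread: PHP's proc_open() can hand the child an extra pipe, and openssl's "-passin fd:N" reads the pass phrase from it, so the pass phrase never appears on a command line or in a file. The function name, the CA paths and the choice of "openssl x509 -req" are assumptions for illustration; PHP 7.4 or later is assumed.

```php
<?php
// Added example, not code from the thread. Paths below are hypothetical.
// Requires PHP 7.4+ (array command, 'null' and 'redirect' descriptors).

function signCsrWithCaKey(string $csrPath, string $certPath, string $passphrase): string
{
    // Array form: no shell is involved, and the pass phrase is not in argv.
    $cmd = [
        'openssl', 'x509', '-req',
        '-in', $csrPath,
        '-CA', '/etc/example-ca/ca.crt',     // hypothetical path
        '-CAkey', '/etc/example-ca/ca.key',  // hypothetical path, encrypted key
        '-CAcreateserial',
        '-days', '365',
        '-out', $certPath,
        '-passin', 'fd:3',                   // read pass phrase from descriptor 3
    ];
    $spec = [
        0 => ['null'],         // the child gets no usable stdin
        1 => ['pipe', 'w'],    // capture openssl's output
        2 => ['redirect', 1],  // merge stderr into stdout (one pipe to drain)
        3 => ['pipe', 'r'],    // child reads the pass phrase from this pipe
    ];

    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start openssl');
    }

    // openssl takes the first line read from the descriptor as the pass phrase.
    fwrite($pipes[3], $passphrase . "\n");
    fclose($pipes[3]);

    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);

    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("openssl exited with status $status: $output");
    }
    return $output;
}
```

This only keeps the pass phrase off the command line and out of files; how the PHP process obtains it in the first place is left open here, as it is in the reply.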