this message in context:
http://www.nabble.com/How-to-protect-the-private-key-%21-tp19489983p20346930.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http
2008/11/5 BiGNoRm6969 [EMAIL PROTECTED]
Hi,
I did not know about the function EVP_PKEY *PEM'_read_PrivateKey(FILE *fp,
EVP_PKEY **pkey,pem_password_callback function *cb,void *u ) and it's
exactly what I need to use (very similar situation like the author of this
thread).
However, how
Hooray, this question I can answer. (Maybe someone can answer mine
now?)
I dont know if it is a bad way, cryptographically, but it works.
//The bio to handle a char *
static BIO *memory_buf_BIO(const char* buf, int len)
{
BIO* bio;
BUF_MEM* mem;
if (!buf)
return NULL;
if (len ==
Am Montag, 15. September 2008 11:48:15 schrieb Dan Ribe:
Hi,
I have a client/server application, where client authenticate itself by
signing a random string (sent by server) using its private key. Whole logic
is working fine for me. I am using PEM_read_PrivateKey() function to read
the
On Wed 17 Sep 2008 (09:38 -0700), David Schwartz wrote:
Dan Ribe:
I am using the private key just to authenticate the client.
Once server has authenticated the client (by using the public
key of client), it will give access to that client.
If the application is a single process that
I am using the private key just to authenticate the client. Once server has
authenticated the client (by using the public key of client), it will give
access to that client. So I will say that in this case users of my client
application need not to have access to the private key (becasue this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan Ribe schrieb:
| I am using the private key just to authenticate the client. Once server
| has authenticated the client (by using the public key of client), it
| will give access to that client. So I will say that in this case users
| of my client
Dan Ribe:
I am using the private key just to authenticate the client.
Once server has authenticated the client (by using the public
key of client), it will give access to that client.
So you want the server to condition access to a resource based on what
software is being used, and to reject
Hi,
I have a client/server application, where client authenticate itself by
signing a random string (sent by server) using its private key. Whole logic
is working fine for me. I am using PEM_read_PrivateKey() function to read
the private key from the key file which is stored on the disk.
As per
and converted to PEM format with 'openssl
pkcs12'.
My problem is that I can't find how to protect my private key. To have
an explict BEGIN RSA PRIVATE KEY section in the PEM file, I
need the -nodes option to the pkcs12 command, otherwise the private is
is hidden in the certificate
with 'openssl
pkcs12'.
My problem is that I can't find how to protect my private key. To have
an explict BEGIN RSA PRIVATE KEY section in the PEM file, I
need the -nodes option to the pkcs12 command, otherwise the private is
is hidden in the certificate. But in the -nodes case the private key
11 matches
Mail list logo
