Certificate Handling

Werner Koch wk@gnupg.org
Fri, 7 Jul 2000 18:47:52 +0200


Hello,

On Fri, 7 Jul 2000, Tarun Upadhyay wrote:


> a) What kind of coding for certificates should be supported? I plan to
> support PEM immediately. Is DER also essential?
> b) How should a private key be protected? How should its access be authenticated
> without prompting for a password?

Please have a look at OpenSSL and see how they do it.

For server applications it does not make much sense to store the
secret key encrypted unless you want to have an operator enter
that passphrase on every startup. The best solution would be a
hardware token, used to store and process the secret key. I am
currently looking at such things.

  Werner

-- 
Werner Koch            OpenPGP key 621CC013
OpenIT GmbH            tel +49 211 239577-0
Birkenstr. 12          email wk@OpenIT.de
D-40233 Duesseldorf    http://www.OpenIT.de