Certificate Handling

Werner Koch wk at gnupg.org
Fri Jul 7 18:47:52 CEST 2000


On Fri, 7 Jul 2000, Tarun Upadhyay wrote:

> a) What kind of coding for certificates should be supported. I plan to
> support PEM immediately. Is DER also essential?
> b) How should a private key protected? How should its access authenticated
> without prompting for a password?

Please have a look at OpenSSL and see how they do it.  For server
applications it does not make much sense to store the secret key
encrypted unless you want to have an operator to enter that passpharse
on every startup.  The best solution would be a hardware token, used
to store and process the secret key.  I am currently looking at such


Werner Koch				OpenPGP key 621CC013
OpenIT GmbH                             tel +49 211 239577-0
Birkenstr. 12                           email   wk at OpenIT.de
D-40233 Duesseldorf                     http://www.OpenIT.de

More information about the Gnutls-devel mailing list