Certificate Handling
Werner Koch
wk at gnupg.org
Fri Jul 7 18:47:52 CEST 2000
Hello,
On Fri, 7 Jul 2000, Tarun Upadhyay wrote:
> a) What kind of coding for certificates should be supported. I plan to
> support PEM immediately. Is DER also essential?
> b) How should a private key protected? How should its access authenticated
> without prompting for a password?
Please have a look at OpenSSL and see how they do it. For server
applications it does not make much sense to store the secret key
encrypted unless you want to have an operator to enter that passpharse
on every startup. The best solution would be a hardware token, used
to store and process the secret key. I am currently looking at such
things.
Werner
--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk at OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de
More information about the Gnutls-devel
mailing list