Salam!
Some time ago I've testing application, signing and verifying
signature on files. It works OK when I used for signing the test
certificate, including in the OpenSSL
distribution (apps/server.pem). Private key was readed by
PEM_read_bio_PrivateKey(in,NULL,NULL,NULL), that is without passphrase
callback.
When I try to supply my own certificate generated by openssl req/ca -
PEM_read_bio_PrivateKey failes. The question is: how to create
certficates without passphrased private keys (like apps/server.pem)
with openssl (consider that openssl need passphrase at least 4 symbols
long) and how it can decrease security of system, providing this
certificate will be stored in a cool & dry place without any hackers?
Is there another way to sign data with passphrased certificate except
storing passphrases in clear text (or symmetry-encoded by some
cleartext key)
Thanx.
--
WBR, Oleg Amiton
Epsylon Technologies
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
