Being able to pass passwords via file descriptors is great when calling
openssl from another application. However, it would be nice if file
descriptors could be passed -anywhere- a file was expected, perhaps by
prepending an ampersand. For example, in a Perl script or from a MUA, I
could create two pipes, write the public cert to one and the private key
to the other, and pass the read ends of each pipe to openssl:

openssl smime -decrypt -inkey &3 -recip &5

Currently, I have to create temporary files to pass openssl the key and
cert (since stdin is used to transmit the message). It's quite a pain to
securely create a temp file -and- know its filename, at least in Perl
and possibly elsewhere. Plus then you have to clean up after the temp
files, and worry about what happens when your program hangs or dies before
your unlink() call... Using file descriptors would be a lot easier.

I suppose I could do something like

openssl smime -decrypt -inkey /dev/fd/3 -recip /dev/fd/5
or
openssl smime -decrypt -inkey /proc/12345/fd/3 -recip /proc/12345/fd/5

...but I doubt that's a very portable thing to do.

I'm willing to put together a patch that adds this functionality, I just
first want to make sure i'm not missing something.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
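
The /dev/fd variant from the post, as an added example that is not part of the original message or of OpenSSL: a Python wrapper that backs each file argument with a pipe, so no temporary file is created and nothing needs unlinking if the caller dies. The names run_with_fd_inputs, _feed and OPENSSL_ARGV are hypothetical, and the code assumes the platform provides /dev/fd.

```python
import os
import subprocess
import threading

# The post's command line, with "{key}"/"{cert}" standing in for /dev/fd/N paths.
OPENSSL_ARGV = ["openssl", "smime", "-decrypt", "-inkey", "{key}", "-recip", "{cert}"]


def _feed(fd, data):
    """Write data to the pipe's write end, then close it so the reader sees EOF."""
    try:
        view = memoryview(data)
        while view:
            view = view[os.write(fd, view):]
    except BrokenPipeError:
        pass  # every read end is closed: child exited or never started
    finally:
        os.close(fd)


def run_with_fd_inputs(argv, secrets, stdin_data=b""):
    """Run argv with each "{name}" replaced by a /dev/fd path backed by a pipe.

    secrets maps placeholder name -> bytes. Returns (returncode, stdout).
    Assumes the platform provides /dev/fd (an assumption, see the post).
    """
    paths, read_ends = {}, []
    feeders = []
    for name, data in secrets.items():
        r, w = os.pipe()  # non-inheritable by default (PEP 446)
        paths[name] = f"/dev/fd/{r}"
        read_ends.append(r)
        # Feed from threads so inputs larger than the pipe buffer cannot deadlock.
        feeders.append(threading.Thread(target=_feed, args=(w, data)))
        feeders[-1].start()
    try:
        # pass_fds hands only the read ends to the child, at the same numbers.
        proc = subprocess.Popen([a.format(**paths) for a in argv],
                                stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                                pass_fds=read_ends)
    finally:
        for r in read_ends:
            os.close(r)  # parent keeps no read end; a failed spawn unblocks _feed
    out, _ = proc.communicate(stdin_data)  # the message still travels on stdin
    for t in feeders:
        t.join()
    return proc.returncode, out


if __name__ == "__main__":
    # Constructed stand-ins; with real PEM data, pass OPENSSL_ARGV instead of cat.
    print(run_with_fd_inputs(["cat", "{key}", "{cert}"],
                             {"key": b"KEY\n", "cert": b"CERT\n"}))
```

The write ends never reach the child: os.pipe() descriptors are close-on-exec, and only the descriptors listed in pass_fds survive the exec.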