[EMAIL PROTECTED] wrote:
Sorry, I'm not especially aquainted with the requirements of stunnel, but what is your problem? Encryption or authentication? And if authentication, who must authenticate, you or the remote system?Bernhard Froehlich wrote:
Sure, but the story is a little bit more complicated. I have some systems running standalone, and far from here. I want to control them using VNC and encrypting the traffic between me and the systems. Those systems are accessible also to other people, so if I install a certificate with unencrypted private key, encrypting is useless, since a thirty part has private key too.Since my openssl asks me for a password when using "openssl req -new -keyout mykey.pem -out myreq.pem", I'd think the key is encrypted. Maybe your openssl.conf can influence that. If you want to be sure the key is unencrypted use the option "-nodes".one silly question: if I generate a request with openssl req -new -keyout mykey.pem -out myreq.pem 265 the private key in mykey.pem is encrypted or not?
If you cannot trust your remote system there is no way to generate trust (at least a kind of) without you entering the password on the console.
If you just want to avoid your connection being snooped during its traverse in the internet there is no need to generate a private key for your remote system, you could do as well with a symmetric key.
If you want to avoid that evil ones connect to your remote system from the internet you don't need private keys there, you'd just have the remote system check your local certificate.
BTW, my doubt is: under pcAnywhere and apache I issue certificates with private key taht, AFAIK, should be RSA encrypted, and I supply a password for the pem I generate with openssl req. Therefore how pcAnywhere and apache handle this situation, since they both DON'T ask me for any password?
[...]
Maybe this is the wrong list and you should contact the stunnel-list?
Ted ;)
-- PGP Version: 2.6.3i Public Key Information Download complete Key from ftp://ftp.convey.de/ted/tedkey.asc Key fingerprint = 26 A9 0C 25 60 15 2C B2 D0 F3 A2 31 3D 35 F3 95
smime.p7s
Description: S/MIME Cryptographic Signature
