Quoting Emre Binisik <[EMAIL PROTECTED]>:

> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:owner-openssl-
> > [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> > Sent: Saturday, 29 March 2008 20:34
> > To: openssl-users@openssl.org
> > Subject: Re: Problems about how to store private key safely
> >
> > Hello,
> >
> > [EMAIL PROTECTED] wrote on 03/28/2008 10:18:39 AM:
> >
> > > Hello,
> > >
> > > I hope to design an application that uses OpenSSL. Users will use this
> > > application from different PCs or laptops. Therefore, users will have to
> > > have their private key on different PCs. If I use the pass phrase
> > > protected private key, is it possible for other persons to steal and
> > > decrypt that key?
> > >
> > > Or do you have more feasible ways to implement it?
> > Smartcards.
> >
> One question here: Is there a possibility or interface
> to make the private key operations on the smartcard,
> so that the private key never leaves the smartcard?
> For example, some functionality that maps private key
> operations on pkcs11?

Hello.  I am no expert, but I have worked with digital certificates on smart
cards to control access to SSL (via openssl) on Apache.  The private keys were
indeed locked on the smart card with no way to copy them off as a security
measure.  With SSL via the browser, a bit of software called a security module
plugs in to the browser for controlling access to the certs on the smart card. 
From what I read at the time, if it is possible to crack that, it is not
trivial.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
