On Sat, Sep 27, 2008 at 12:17 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Subrata Mazumdar wrote, On 2008-09-27 06:33: >> >> Actually, the problem is even worse - some of the applications use >> unencrypted private key > > That is precisely why NSS does not support PKCS#8 files. Applications > that generate private keys and then just leave them lying around in > unprotected files are having fun with cryptography, but aren't serious > about security. NSS is serious about security.
I am very interested in the secure solution to this problem: how to manage a large number of servers easily. It'd be cumbersome to have to enter the password for the private key to each of the servers. I suspect that some NSS-based servers read the password from an unencrypted file. Our selfserv test program has such an option (-f password_file). How does mod_nss solve this problem? Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
