Wan-Teh Chang wrote: > On Sat, Sep 27, 2008 at 12:17 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > >> Subrata Mazumdar wrote, On 2008-09-27 06:33: >> >>> Actually, the problem is even worse - some of the applications use >>> unencrypted private key >>> >> That is precisely why NSS does not support PKCS#8 files. Applications >> that generate private keys and then just leave them lying around in >> unprotected files are having fun with cryptography, but aren't serious >> about security. NSS is serious about security. >> > > I am very interested in the secure solution to this problem: how to > manage a large number of servers easily. It'd be cumbersome > to have to enter the password for the private key to each of the > servers. > > I suspect that some NSS-based servers read the password from > an unencrypted file. Our selfserv test program has such an > option (-f password_file). How does mod_nss solve this problem? > > > Wan-Teh > I was wondering about this problem. I am also curious to find out what is the best practice in storing password for servers for accessing protected key stores. -- Subrata
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
