26 Nov
2009
26 Nov
'09
2:25 a.m.
On Fri, Nov 13, 2009 at 09:52:28AM -0600, Aaron Thoreson wrote:
I apologize if this has been covered. The
signal-to-noise ration in my
Google searching and GMANE/MARC searching didn't lead me to good results...
I see a few posts from ~2004 regarding passphrase protected SSL keys.
Mr. Horms indicated that he thought it ought to work, but was unable to
devote effort at the time, being 'snowed under' :)
Was this functionality added? I see in the .c code some callbacks to
the ctx 'passphrase' parts of libssl but can't tell where it's getting
sent along, if at all.
Can anyone provide tips?
Hi Aaron,
I think that the situation is that support to read the passphrase is
there but in practice it isn't entirely useful as there is no
prompt provided. The result being that it isn't obvious that
perdition is waiting for the input or a passphrase from stdin.
I'll see about resolving that.
It seems that it would also be useful to provide other methods
of supplying the passphrase. Perhaps something along the lines
of the --passphrase-fd, --passphrase-file and --passphrase options
of gpg.