develooper Front page | perl.libwww | Postings from July 2003

HTTPS requests and PKCS12 keybags

From: Svein E. Seldal
Date: July 6, 2003 19:11
Subject: HTTPS requests and PKCS12 keybags
Message ID: 3F06E338.7070802@solidas.com

Hello,

I'm using your Crypt::SSLeay, and I'm very happy this works. Thank you 
very much for this!!

We have this intraweb-server that requires the clients to be 
authenticated by means of client certificates. These client 
certificates are distributed to the users in PKCS12 keybags. Each bag 
contains the user's private key, the user's cert, the web-server cert 
and the CA's cert.

1) Is the PEM pass phrase password dialogue (when $ENV{HTTPS_KEY_FILE} 
is used) safe? Is it stored in any environment variable which makes it unsafe?

I have been testing Crypt::SSLeay with the PKCS12 files mentioned above, 
but it doesn't seem to work unless you specify the 
$ENV{HTTPS_PKCS12_PASSWORD}. No password input dialogue is shown. Nor do 
I want to create my own password input routine, and store it in this 
environment variable because of the security issues involved.

2) Are there any chances that this could be extracted to a password 
input, similar to the one used if $ENV{HTTPS_KEY_FILE} is used, please?

3) When using the PKCS12 file, are there any possibilities to verify the 
attached CA cert? Because it seems like it ignores the other certs 
included in the PKCS12 file.

PKCS12 files simplify things for the users, as they only have to worry 
about one file, not three (key, user cert and CA cert).

I am aware that the PKCS12 is alpha, but I just wanted to give you guys 
some feedback and tips. Please keep up the good work!


Regards,
Svein
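
An added example, not part of the original post and not Crypt::SSLeay's own code: the caller-side prompt the message describes, reading the pass phrase without echo and placing it in $ENV{HTTPS_PKCS12_PASSWORD} only for the duration of one request. The file name, URL and helper names are assumptions, and Term::ReadKey is a separate CPAN module.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use Term::ReadKey;    # CPAN module providing ReadMode/ReadLine

# Assumed placeholder values, not taken from the original post.
my $P12_FILE = 'user.p12';
my $URL      = 'https://intranet.example/';

# Read a pass phrase from the terminal with echo switched off.
sub prompt_secret {
    my ($prompt) = @_;
    print STDERR $prompt;               # STDERR is unbuffered
    ReadMode('noecho');
    my $secret = eval { ReadLine(0) };  # blocking read of one line
    ReadMode('restore');                # always switch echo back on
    print STDERR "\n";
    die "no pass phrase read\n" unless defined $secret;
    chomp $secret;
    return $secret;
}

# Perform one request authenticated with the PKCS12 bag.
sub fetch_with_p12 {
    my ($url, $p12_file) = @_;
    my $pass = prompt_secret("PKCS12 pass phrase for $p12_file: ");

    # local() restores %ENV when this sub returns, so the pass phrase is
    # in the environment only while the request runs. Any child process
    # started inside this scope would still inherit it.
    local $ENV{HTTPS_PKCS12_FILE}     = $p12_file;
    local $ENV{HTTPS_PKCS12_PASSWORD} = $pass;

    my $ua = LWP::UserAgent->new;
    return $ua->get($url);
}

my $res = fetch_with_p12($URL, $P12_FILE);
print $res->status_line, "\n";
```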


