httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benn Oshrin <be...@columbia.edu>
Subject Re: Ideas/Security advice needed
Date Wed, 23 May 2007 15:44:17 GMT
--On 22 May 2007 7:01:55 PM -0300 Arturo 'Buanzo' Busleiman 
<buanzo@buanzo.com.ar> wrote:

| Guys, for mod_auth_openpgp (the OpenPGP support module for Apache I'm
| working on) to support encryption and signing (so far only has
| verification), I need to provide GnuPG the passphrase to unlock a
| private key.
|
| It's the classic SSL passphrase issue all admins work around by using a
| passwordless certificate, so I really am looking forward for some
| community feedback here.
|
| I've published this "call for ideas" on a couple of mailing lists, and
| in my site, but some help from apache developers would definitely be a
| GREAT idea.

For our https servers, we wrote a script compatible with the 
SSLPassPhraseDialog of Apache 2 that retrieves the passphrase from a 
central repository.  This doesn't really increase the security of the 
passphrase or the cert, but it makes the retrievals somewhat auditable.

-Benn-


Mime
View raw message