Best Practices for private key files handling
Philip Prindeville
philipp_subx at redfish-solutions.com
Tue Sep 13 20:17:12 UTC 2022
Hi,
I'm working on a bug in an application where the application config is given the directory path in which to find a key-store, which it then loads.
My issue is this: a regular UNIX file is trivial to handle (make sure it's owned by "root" or the uid that the app runs at, and that it's 0600 or 0400 permissions... easy-peasy).
But what happens when the file we encounter is a symlink? If the symlink is owned by root but the target isn't, or the target permissions aren't 0600 0r 0400... Or the target is a symlink, or there's a symlink somewhere in the target path, etc.
So... what's the Best Practices list for handling private key materials? Has anyone fleshed this out?
The specific bug, if anyone is interested, is:
https://issues.asterisk.org/jira/browse/ASTERISK-30213
Thanks,
-Philip
More information about the openssl-users
mailing list