[openssl-dev] Using openssl with a remote private key

Tigran Gyonjyan (BLOOMBERG/ 731 LEX) tgyonjyan at bloomberg.net
Tue Mar 17 15:44:32 UTC 2015


Hi there!

Recently I had to work on an openssl project where, due to security requirements, I had to place the private key for the server certificate on another machine. In order to be able to make openssl ignore the fake private key in the certificate, I had to "hack" some data structures to delegate the handshake decrypt to the remote machine so that the handshake could succeed.

I was wondering if this capability to delegate the decrypt function can be useful enough to incorporate into the official version.
In cases when the client and the server are located on the user's machine, it is a risk to keep the private key on that machine.

Let me know if there is a better solution for this problem.

Cheers,
Tigran