[openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)

Richard Levitte levitte at openssl.org
Fri Jun 1 22:16:17 UTC 2018


In message <14B35465-B944-492F-9C09-4A243D1AAB0E at dukhovni.org> on Fri, 1 Jun 2018 17:57:46 -0400, Viktor Dukhovni <openssl-users at dukhovni.org> said:

openssl-users> 
openssl-users> 
openssl-users> > On Jun 1, 2018, at 5:51 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
openssl-users> > 
openssl-users> > That would then just mean that the apps need to do the correct
openssl-users> > thing and convert it to UTF-8.
openssl-users> 
openssl-users> Modulo legacy files, with a passphrase in some other encoding.
openssl-users> For those the applications will have to provide the right
openssl-users> non-UTF8 octet string, and I assume we'll just use that
openssl-users> verbatim.

Trouble is that OSSL_STORE is designed so the application doesn't have
to know what type of object the URI represents.  "provide the right
string" requires that knowledge.

(I'm currently looking into alternatives where a UI_METHOD can present
several variants of the same pass phrase, thus making it possible for
the application to virtually say "hey, try one of these" instead of
"hey, try this one"...  that would be a way to have the application
provide the variants rather than libcrypto, and still only have to
know the bare minimum of what the URI represents (preferably nothing
at all))

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
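
The "try one of these" idea from the message above, as an added sketch that is not part of the original message and not OpenSSL code: the caller turns one pass phrase into its distinct octet-string encodings and tries each in turn, without knowing what kind of object it is opening. The encoding list, the function names and the PBKDF2-based check (a stand-in, not the PKCS#12 key derivation) are assumptions made for the example.

```python
import hashlib
import hmac

# Encodings to try, in order. This list is an assumption for the example.
CANDIDATE_ENCODINGS = ("utf-8", "iso-8859-1", "cp1252")


def passphrase_variants(passphrase, encodings=CANDIDATE_ENCODINGS):
    """Return the distinct (encoding, octets) candidates for one pass phrase."""
    seen, variants = set(), []
    for enc in encodings:
        try:
            octets = passphrase.encode(enc)
        except UnicodeEncodeError:
            continue  # this encoding cannot represent the pass phrase
        if octets not in seen:  # pure-ASCII input collapses to one variant
            seen.add(octets)
            variants.append((enc, octets))
    return variants


def derive_check(octets, salt, iterations=2048):
    """Stand-in for a container's integrity check (NOT the PKCS#12 KDF)."""
    return hashlib.pbkdf2_hmac("sha256", octets, salt, iterations)


def try_variants(passphrase, salt, expected):
    """Try each candidate; return the encoding that verifies, else None."""
    for enc, octets in passphrase_variants(passphrase):
        if hmac.compare_digest(derive_check(octets, salt), expected):
            return enc
    return None


# Constructed sample: a "legacy file" whose check value was computed from
# the ISO-8859-1 octets of the pass phrase "p\u00e4ssword".
SALT = b"constructed-salt"
LEGACY_CHECK = derive_check("p\u00e4ssword".encode("iso-8859-1"), SALT)

if __name__ == "__main__":
    for enc, octets in passphrase_variants("p\u00e4ssword"):
        print(f"{enc:12} {octets.hex()}")
    print("verified with:", try_variants("p\u00e4ssword", SALT, LEGACY_CHECK))
```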

