[openssl-project] Help deciding on PR 6341 (facilitate reading PKCS#12 objects in OSSL_STORE)
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jun 1 22:23:48 UTC 2018
> On Jun 1, 2018, at 6:16 PM, Richard Levitte <levitte at openssl.org> wrote:
>
> (I'm currently looking into alternatives where a UI_METHOD can present
> several variants of the same pass phrase, thus making it possible for
> the application to virtually say "hey, try one of these" instead of
> "hey, try this one"... that would be a way to have the application
> provide the variants rather than libcrypto, and still only have to
> know the bare minimum of what the URI represents (preferably nothing
> at all))

If they're using a new API with a new store abstraction, I rather
think it'd be better for the PKCS#12 data to be re-built with
a UTF-8 password before it is exposed as a store URI.
They should be able to decode the old file using legacy tooling,
but the new tools should simply require canonical data. Please
DO NOT implement password variants.
--
Viktor.
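
The "variants" debated in this thread come from how a typed pass phrase is turned into the BMPString that PKCS#12 key derivation consumes. The sketch below is an added illustration, not code from the message or from OpenSSL. It assumes the RFC 7292 rule (big-endian UTF-16 plus a two-byte NUL terminator) and the byte-wise zero-extension that OpenSSL releases before 1.1.0 applied; the function names and the sample pass phrase are constructed.

```python
# Added illustration; function names are hypothetical, sample data is constructed.

def bmp_canonical(raw: bytes) -> bytes:
    """Canonical form: decode the typed bytes as UTF-8, then emit big-endian
    UTF-16 followed by a two-byte NUL terminator. Raises UnicodeDecodeError
    (a ValueError) on non-UTF-8 input instead of guessing another encoding."""
    return raw.decode("utf-8").encode("utf-16-be") + b"\x00\x00"


def bmp_bytewise(raw: bytes) -> bytes:
    """Legacy form: ignore the encoding and zero-extend every byte to 16 bits."""
    return b"".join(bytes([0, b]) for b in raw) + b"\x00\x00"


def kdf_inputs(passphrase: str) -> dict:
    """Every KDF input one pass phrase can yield, keyed by how it was produced.
    A file may have been protected with any of them, which is why a reader
    that accepts legacy files ends up trying variants."""
    utf8 = passphrase.encode("utf-8")
    inputs = {
        "utf8 terminal, canonical": bmp_canonical(utf8),
        "utf8 terminal, bytewise": bmp_bytewise(utf8),
    }
    try:
        latin1 = passphrase.encode("iso-8859-1")
    except UnicodeEncodeError:
        pass  # pass phrase cannot be typed on an ISO-8859-1 terminal at all
    else:
        inputs["latin1 terminal, bytewise"] = bmp_bytewise(latin1)
    return inputs


def distinct_inputs(passphrase: str) -> int:
    """Number of different byte strings the KDF could have been fed."""
    return len(set(kdf_inputs(passphrase).values()))


if __name__ == "__main__":
    for pw in ("secret", "p\u00e4ssword"):
        print(repr(pw), "->", distinct_inputs(pw), "distinct KDF input(s)")
        for how, data in kdf_inputs(pw).items():
            print(f"  {how:26} {data.hex()}")
```

Pure-ASCII pass phrases produce a single input, so only files protected with non-ASCII pass phrases need rebuilding before a strict reader sees them.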