[openssl-users] Protecting RSA keys

Sergio Magra sergiomagra at gmail.com
Fri Nov 13 18:50:05 UTC 2015


Hi everybody,

I'm new to OpenSSL and I have some questions.

The thing is that several RSA key pairs (each one for a different user)
will be stored in a shared secured location (Safenet HSM). As the key pairs
will be stored in the same place, we are looking for a way to ensure that
one user is able to use only his own key pair, and not the key pair of
another user.

To that end, I'm thinking of a passphrase to protect the private key, so
when the user needs to use his key pair for signing or encrypting, he must
provide the passphrase. As he knows his passphrase and not the passphrases
of the other key pairs, he is able to use only his own key pair.

That is the theory so far. I don't know if I'm right.

Supposing that I'm right, I tried to generate protected key pairs, but when
using them, I'm never prompted for the passphrase. So, I'm able to use any
of the keys created, instead of using only my own key.

Can you help me with this issue?

Thanks in advance

Best regards

Sergio Magra