Access to any database without password knowledge possible
Brought to you by:
chris2511
Hello,
very interesting software.
Just one thing - Version 0.6.4 (Win) here on Win XP Pro:
It is possible to open and access *any* password protected database without knowing it's password by simply cancelling the password dialog.
Regards
T.
Logged In: YES
user_id=609294
Originator: NO
...but try to export a private key.
It will fail as long as you cannot provide a password to decrypt the key.
(This is also mentioned in the documentation as intended behaviour)
Since in the database only the private keys are encrypted (3des with the default password),
the application shows everything you could see when opening the database with for example a hexeditor.
So this is a feature:
If you cancel the password dialog, you will be prompted for the password for every security related
operation like signing (creating) CSRs or certificates, importing or exporting private keys, creating revokation lists, etc.
Logged In: YES
user_id=1884366
Originator: YES
Indeed, it is mentioned in the documentation and it works like you describe it. My fault - I simply overlooked that part.
Sorry and thanks for your explanation.
Regards
T.