Erease private key data from CMP_CTX as soon as no longer needed

CMP [RFC4210] implementation based on OpenSSL

Status: Beta

Brought to you by: dvodvo, mpeylo, mviljane

This project can now be found here.

#45 Erease private key data from CMP_CTX as soon as no longer needed

Milestone: Version 2

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2017-12-18

Created: 2017-12-18

Creator: David von Oheimb

Private: No

This is a security enhancement proposed by Philipp Löffler.

In particiular, private keys just needed for POPO generation can be erased immediately thereafter.
All private keys of client might even be erased temporarily before waiting for next poll request and then re-read from their respective source (e.g., password-protected file).

Erease private key data from CMP_CTX as soon as no longer needed

CMP [RFC4210] implementation based on OpenSSL

Group

Searches

Help

#45 Erease private key data from CMP_CTX as soon as no longer needed

Discussion