From: David W. <dw...@in...> - 2016-06-16 11:08:35
On Thu, 2016-06-16 at 08:55 +0000, Marx, Peter wrote:
>
> the ActiveMQ Java Keystore File used to handle the TLS connections
> does not only contain the public key / certificate, but also the
> private key.
>
> This holds true for all applications based on Java Secure Socket
> Extension (JSSE). And the password to access the key pair is in the
> app's configuration file...
>
> This drives my requirement to get rid of the keystore files. Maybe I
> misunderstood something at the basis - I'm a late adopter of the
> crypto stuff.

Yes, all that is absolutely correct. You want to move the key storage away from this file-and-password based storage, onto a separate device so that it can be securely protected. The key can be *used* in situ, but it can never be copied away.

All that was implicit fairly much by the time you'd put opensc-devel into the To: field of your first email, let alone started composing your actual message :)

Everything that anyone has responded has been compatible with that requirement. But there is evidently some miscommunication here... why do you feel you need to restate it? Did you think my suggestion had missed the point, and would not provide this?

--
dwmw2