List:       kmail-devel
Subject:    Re: AW: S/MIME and PGP
From:       George Staikos <staikos () nitro ! 0wned ! org>
Date:       2001-08-22 17:06:00

On Wed, 22 Aug 2001, Jörg Beermann wrote:

> >I actually have some of this done in KSSL already, and I'll be adding the
> >PKCS#7 bits over the next two months.  We're using KConfig to store the
> >keys, which is very simple.  We need to have an encrypted KConfig framework
> >to make this secure, too.  We'll do that over the next few months as well.
> 
> 	As a suggestion: for storing the Private Key it might be a
> 	possibility to store it in a PKCS#12 bag, at least I did it this way.
> 	In this case also you don't need to convert the Private Key from/to
> 	other formats to make it accessible.
> 	You have a minimum standard of security for protecting the Private Key.
> 	And for the foreign certs there is no need to protect them.

   The big problem is that people often like to enter one password and
have it unlock all the keys simultaneously.  It would be nice to be able
to store them without passwords in an encrypted KConfig.  Then they can be
exported with a password from there if required.  This is particularly an
issue for SSL since loading a website could result in multiple password
prompts (particularly if images or frames are loaded from off-site).

 
> >   I don't have any code in place to handle x509v3 extensions yet, btw, but
> >I will be needing them for SSL and TLS in 3.0 too.
> 
> 	OpenSSL is also able to handle a few extensions, like standard v3
> 	and some Netscape extensions.

  Yes I saw that.  What I mean is that I'll need to integrate this into
the KSSL hooks.  OpenSSL is not supposed to be directly referenced in any
part of the KDE code.  Only KSSL.  This means no raw crypto objects make
it out either.

  
