[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] Re: "--askpass file" is evil!

  • Subject: [Openvpn-users] Re: "--askpass file" is evil!
  • From: Charles Duffy <cduffy@xxxxxxxxxxx>
  • Date: Fri, 03 Dec 2004 08:44:27 -0600

On Fri, 03 Dec 2004 13:23:05 +0100, Jean-Pierre Schwickerath wrote:

> Every decent program storing certificates should allow the user to
> decrypt his/her certificate with the password supplied by the CA and
> then reencrypt it with a passphrase chosen by the user.

Ideally the password isn't supplied (or known) by the CA in the first case
because the private key, like the CSR, is generated by the user.

Openvpn-users mailing list