Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypted private key in client-side certificate. #98

Open
nikomi opened this issue Jan 14, 2015 · 2 comments
Open

Encrypted private key in client-side certificate. #98

nikomi opened this issue Jan 14, 2015 · 2 comments
Labels
certificate

Comments

@nikomi
Copy link

nikomi commented Jan 14, 2015

Hi,

I have a request - more like a wish - for client-side certificate handling:

We have a certificate with encrypted private key and therefore need to pass the password for the private key to the certificate loader function. Afaik neither credentialLoadX509 nor credentialLoadX509FromMemory support this.

Would it be possible to add this functionality? Or is there known work-around?

thanx, nikomi
@vincenthz
Copy link
Collaborator

I'ld like that too, but I don't see how to provide a user experience for this. I'm not sure what other applications that supports directly encrypted keys do TBH.

@nikomi
Copy link
Author

nikomi commented Jan 19, 2015

The HsOpenSSL package - more or less a wrapper around low-level OpenSSL calls - uses a data type called PemPasswordSupply that can represent no pwd, a pwd String, or a callback obtaining the pwd - see http://hackage.haskell.org/package/HsOpenSSL-0.11.1.1/docs/OpenSSL-PEM.html.

This method appears reasonably flexible, what do you think?

@ocheron ocheron mentioned this issue Feb 16, 2017
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
certificate
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vincenthz @nikomi