21 Apr 2012 21:52
Re: Is crossplatform in-memory file or file descriptor possible ?
It's best to decrypt keys etc sensitive session data to temporary in-memory files. Say we have encrypted private keys, certificates etc but need to call OpenSSL (Stunnel) etc expecting the key to be present as files. So, we'll have to decrypt the files, thus there'll be plain versions of them on the filesystem, which is insecure...
=============
in win32 :
http://blogs.msdn.com/b/khen1234/archive/2006/01/30/519483.aspx
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366556(v=vs.85).aspx
http://stackoverflow.com/questions/3980035/performance-of-win32-memory-mapped-files-vs-crt-fopen-fread

in LINUX :
mmap, tmpfs, cramfs, ramfs but they all mean a custom kernel.

2012/4/21, Ivanko B <ivankob4mse2@...>:
> I mean operating on decrypted private keys with software expecting
> them to be files (easy to steal).
>
>
> 2012/4/21, Martin Schreiber <mse00000@...>:
>> On Saturday 21 April 2012 17:06:18 Ivanko B wrote:
>>> so that can be used as a way of passing password to OpenSSL.
>>> Mainly needed to provide secure way of passing private key after
>>> decrypting encrypted file presenting the key.
>>>
>> I don't understand, please explain. Maybe you should use asymmetric
>> encryption like for example pgp.
>> It is planned to add combined asymmetric/symmetric encryption to
>> topensslcryptohandler probably with EVP_seal*.
>> http://linux.die.net/man/3/evp_sealinit
>>
>> Martin
>>
>> _______________________________________________
>> mseide-msegui-talk mailing list
>> mseide-msegui-talk@...
>> https://lists.sourceforge.net/lists/listinfo/mseide-msegui-talk