Greg Hudson wrote:
> On Thu, 2008-05-08 at 15:27 -0400, Karl Fogel wrote:
>
>> If I understand him correctly, Joe is pointing out that the only purpose
>> of this passphrase is to decrypt the cert -- so instead of storing the
>> passphrase unencrypted, we might as well dispense with the passphrase
>> entirely and just store the unencrypted cert itself.
>>
>
> Do Keychain etc. have the ability to store certs? That seems more
> straightforward than storing a cert decryption password in Keychain and
> then an encrypted cert, but only if that's part of the architecture of
> Keychain-type frameworks.
>
Mac keychain does store certs. Windows has a user-specific cert store,
too -- though it doesn't have a non-obscure UI for adding stuff to it.
Only note that our Windows crypted-password store takes shortcuts and
uses just the cryption parts of the API, not the secure store part.
-- Brane
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-05-10 02:24:33 CEST