Reputation: 2364
I would like to know if an x509 certificate's password allows multiple passwords per certificate, or just one?
And if it is possible, in what scenario would it be applied?
Thanks for your time.
Upvotes: 2
Views: 452
Reputation: 104080
Because GnuPG is easily available to me, it'd be my tool of choice; each admin would create a public/private key pair and export the public portion:
gpg --gen-key
gpg --export --armor [keyid] > key_file_[admin_name]
Import all the public keys into the keyring of whoever 'owns' the unencrypted x509 cert:
cat key_file_* | gpg --import
Then encrypt the cert with all the keys:
gpg -r keyid1 -r keyid2 -r keyid3 ... -o encrypted_cert -e plaintext_cert
Now encrypted_cert can be decrypted by whoever has one of the private keys and that private key's passphrase:
gpg encrypted_cert
PGP could also do the job, and probably with only slight modifications to the commands here.
Because all this is doing is encrypting a single symmetric key multiple times, once to each public key (and storing the results in a file format prepared to handle multiple copies of the encrypted symmetric key), it would be easy enough to re-implement in whatever language you'd like, if your trial wrappers work well enough.
Upvotes: 2
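The last paragraph of the answer above describes the mechanism: one symmetric key, encrypted once to each public key. An added example (not part of the original answer, and not GnuPG's file format) of that construction in Go, using AES-256-GCM for the body and RSA-OAEP for the key wrapping. `Envelope`, `Seal`, `Open` and `NewKey` are names chosen for this example, and the keys and plaintext are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope (example-only type): one AES-GCM body, one wrapped key per recipient.
type Envelope struct {
	Wrapped     [][]byte // RSA-OAEP copies of the same 32-byte session key
	Nonce, Body []byte
}
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
// NewKey makes a constructed demo key pair standing in for one admin's key.
func NewKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }
// Seal encrypts the plaintext once, then wraps the session key to every recipient.
func Seal(plaintext []byte, recipients ...*rsa.PublicKey) *Envelope {
	buf := make([]byte, 44) // fresh 32-byte session key + 12-byte GCM nonce
	must(rand.Read(buf))
	key, nonce := buf[:32], buf[32:]
	env := &Envelope{Nonce: nonce, Body: gcm(key).Seal(nil, nonce, plaintext, nil)}
	for _, pub := range recipients {
		env.Wrapped = append(env.Wrapped, must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)))
	}
	return env
}
// Open tries each wrapped copy; only the one made for priv yields the session key.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range env.Wrapped {
		if key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil); err == nil && len(key) == 32 {
			return gcm(key).Open(nil, env.Nonce, env.Body, nil)
		}
	}
	return nil, fmt.Errorf("none of the %d wrapped keys matches this private key", len(env.Wrapped))
}
func main() {
	a, b := NewKey(), NewKey() // constructed demo keys for two admins
	pt, err := Open(Seal([]byte("constructed cert bytes"), &a.PublicKey, &b.PublicKey), b)
	fmt.Println(string(pt), err)
}
```

Adding a recipient later only requires wrapping the session key once more; removing one requires re-encrypting under a new session key, since the removed party may already hold the old one.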
Reputation: 364369
It allows just one password, and it is used to secure the private key in the certificate. If you want to access the private key, you must provide a password.
Upvotes: 1