On 8/23/06, paul at clubi.ie <paul at clubi.ie> wrote:
> > You can actually control the pasphrases used to protect keys if you
> > issue the keys from a corporate controlled CA,
>> No you can't, not for ssh keys in the actual "SSH key" sense!
>> You might be able to issue secret keys to users with 'good'
> pass-phrases on them, but the user has full power over the key,
> including power to change that annoying IT-issued pass-phrase to
> something they can remember a bit easier.
I'd challenge that. The largest, and probably disproportionately most
expensive PKI system in Ireland is operated by the Revenue
Commissioners allowing the general public deal with them
electronically.
They issue you with a digital cert and private key in PKCS12 format
from their CA for you to sign all online dealing with them in a non
repudable fashion.
Sing up at www.ros.ie and try and change the password for that PKCS12
file outside of the ROS system. Can't be done with any PKCS12 tool
available.
Similar devices are at the disposal of all CA operators....
Aine.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
