Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I would like to know if x509 certificate’s password allows multi-passwords per certificate – or just one?
And if it is possible, what scenario would it be applied?
Thanks for your time.
Because GnuPG is easily available to me, it’d be my tool of choice; each admin would create a public/private key pair and export the public portion:
Import all the public keys into the keyring of whoever ‘owns’ the unencrypted x509 cert:
Then encrypt the cert with all the keys:
Now
encrypted_certcan be decrypted by whoever has one of the private keys and that private key’s passphrase:PGP could also do the job, and probably with only slight modifications to the commands here.
Because all this is doing is encrypting a single symmetric key multiple times, once to each public key (and storing the results in a file format prepared to handle multiple copies of the encrypted symmetric key), it would be easy enough to re-implement in whatever language you’d like, if your trial wrappers work well enough.