在Python ssl客户端/服务器的情况下自动输入密码短语 [英] Auto enter pass phrase in case of Python ssl Client/Server

问题描述

我需要创建客户端/服务器应用程序以将文件从客户端发送到服务器。
我使用简单的ssl套接字并使用证书进行身份验证。

I need to create Client/Server application to send files from clients to Server. I use simple ssl sockets for that and authenticate with certificates.

 
ms = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = ssl.wrap_socket(ms,
                           keyfile=".../newCA/my_client.key",
                           certfile=".../newCA/my_client.crt",
                           server_side=0,
                           cert_reqs=ssl.CERT_REQUIRED,
                           ca_certs=".../newCA/CA/my-ca.crt"
                           )
ssl_sock.connect((HOST, MPORT))

而服务器端：

msock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.ssl_sock = ssl.wrap_socket(msock,
                           keyfile=".../newCA/my_server.key",
                           certfile=".../newCA/my_server.crt",
                           server_side=1,
                           cert_reqs=ssl.CERT_REQUIRED,
                           ca_certs=".../newCA/CA/my-ca.crt"
                           )
        self.ssl_sock.bind(('', self.PORT))
        self.ssl_sock.listen(self.QUEUE_MAX)

问题如下：当客户端尝试连接到服务器时，需要为服务器端和客户端两者的私钥输入密码短语。

The problem is the following: when client tries to connect to Server, it requires Enter the pass phrase for private key for Both: for Server-side and Client-side.

• 在Java中，我们需要设置System Property：javax.net.ssl.keyStorePassword =，它必须自动使用，但是它是如何在Python中使用的？我无法在客户端连接时输入密码短语。

问题是我的应用程序：客户端应使用已签名的证书，并且服务器应使用已签名的证书。我不能改变它。 Serever和客户端都是长期的应用程序，所以我们只是运行它，我们不需要找它们。但是，据我所知，Python不提供statndard方式来自动输入私钥的密码短语。可能是其他建议吗？

The problem is that my Application:Client should use already signed certificate, and Server should use already signed certificate too. I can't change it. Both Serever and Clients are long-living applications, so we just run it and we no need to look for them. But, as I understand, Python doesn't provide statndard way to automatically enter pass phrase for private key. May be other suggestions?

推荐答案

通行短语是由人类输入作为识别手段。如果你想硬编码，没有密码的SSL密钥提供相同的安全级别。
要删除密码短语，请参见： http://aleph-null.tv/article/20080714-1337-917.xml/Apache,-SSL,- - & quot;％3B试用 - 通行密码& quot; 3B 3B

A pass phrase is meant to be entered by a human as means of identification. If you want to hardcode it, a SSL key without passphrase provides the same level of security. For getting rid of the pass phrase, see also: http://aleph-null.tv/article/20080714-1337-917.xml/Apache,-SSL,-and-&quot%3BGetting-Rid-of-the-Passphrase&quot%3B

这篇关于在Python ssl客户端/服务器的情况下自动输入密码短语的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！