用于在服务器上存储Openssl密码的安全选项(Linux,Python,CherryPy) [英] Secure Options for storing Openssl password on a server (Linux, Python, CherryPy)
问题描述
我已经实现了一个HTTP服务器(CherryPy和Python),该服务器从客户端(Android)接收加密的文件.我正在使用OpenSSL解密上传的文件.目前,我正在使用openssl -enc -pass file:password.txt -in encryptedfile -out decryptedfile
在服务器端执行解密.如您所见,openssl使用的密码存储在纯文本文件(password.txt)中.
I've implemented a HTTP server (CherryPy and Python) that receives an encrypted file from a client (Android). I'm using OpenSSL to decrypt the uploaded file. Currently I'm using openssl -enc -pass file:password.txt -in encryptedfile -out decryptedfile
to perform to decryption on the server side. As you can see the password used by openssl is stored in a plain text file (password.txt).
是否有更安全的方法来存储此OpenSSL密码?
Is there a more secure way to store this OpenSSL password?
谢谢.
推荐答案
将其传递给更高的FD,然后在命令行中使用该FD.请注意,在进程运行之前,您需要使用preexec_fn
参数设置FD.
Pass it through a higher FD, and use that FD in the command line. Note that you'll need to use the preexec_fn
argument to set up the FD before the process gets run.
subprocess.Popen(['openssl', ..., 'file:/dev/fd/12', ...], ...,
preexec_fn=passtofd12(password), ...)
这篇关于用于在服务器上存储Openssl密码的安全选项(Linux,Python,CherryPy)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!