用于在服务器上存储Openssl密码的安全选项(Linux，Python，CherryPy) [英] Secure Options for storing Openssl password on a server (Linux, Python, CherryPy)

问题描述

我已经实现了一个HTTP服务器(CherryPy和Python)，该服务器从客户端(Android)接收加密的文件.我正在使用OpenSSL解密上传的文件.目前，我正在使用openssl -enc -pass file:password.txt -in encryptedfile -out decryptedfile在服务器端执行解密.如您所见，openssl使用的密码存储在纯文本文件(password.txt)中.

I've implemented a HTTP server (CherryPy and Python) that receives an encrypted file from a client (Android). I'm using OpenSSL to decrypt the uploaded file. Currently I'm using openssl -enc -pass file:password.txt -in encryptedfile -out decryptedfile to perform to decryption on the server side. As you can see the password used by openssl is stored in a plain text file (password.txt).

是否有更安全的方法来存储此OpenSSL密码?

Is there a more secure way to store this OpenSSL password?

谢谢.

推荐答案

将其传递给更高的FD，然后在命令行中使用该FD.请注意，在进程运行之前，您需要使用preexec_fn参数设置FD.

Pass it through a higher FD, and use that FD in the command line. Note that you'll need to use the preexec_fn argument to set up the FD before the process gets run.

subprocess.Popen(['openssl', ..., 'file:/dev/fd/12', ...], ...,
  preexec_fn=passtofd12(password), ...)

这篇关于用于在服务器上存储Openssl密码的安全选项(Linux，Python，CherryPy)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！