Bug / Feature #149
closedPassphrase not saved !
100%
Description
After generating a certificate, with passphrase, I was able to load by certificates into another setup without giving my passphrase. It seems pretty sure that the saved certificates are not encrypted with the passphrase. I have put the highest priority to this issue because its a security issue.
Updated by Exception over 13 years ago
- Status changed from New to 6
- Assignee set to Exception
Importing the encrypted key does not require the passphrase as it is not decrypted when importing.
Using the private key of course requires the passphrase. But you could not have used it up to this time as there is no voting procedure yet.
Updated by spale over 13 years ago
I was not sure about it but somehow expected this answer. You could set one or more test votes for the next 30 days, so people can play a little bit.
The best would be a test mode in the client that's using another backend system. Something like:
- test backend including all valid certs/signatures
- auto open/close of 2-3 votes everyday
- test mode implementation in the client
Should I open a feature request?
Updated by Exception over 13 years ago
- Category set to Security
- Target version set to PiVote 1.0.1.0