Project

General

Profile

Actions

Bug / Feature #149

closed

Passphrase not saved !

Added by spale over 14 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Category:
Security
Target version:
Start date:
20 September 2010
Due date:
% Done:

100%

Estimated time:
Request Type:
Bug Report
Affected Program:
Affected Users:

Description

After generating a certificate, with passphrase, I was able to load by certificates into another setup without giving my passphrase. It seems pretty sure that the saved certificates are not encrypted with the passphrase. I have put the highest priority to this issue because its a security issue.

Actions #1

Updated by Exception over 14 years ago

  • Status changed from New to 6
  • Assignee set to Exception

Importing the encrypted key does not require the passphrase as it is not decrypted when importing.

Using the private key of course requires the passphrase. But you could not have used it up to this time as there is no voting procedure yet.

Actions #2

Updated by spale over 14 years ago

I was not sure about it but somehow expected this answer. You could set one or more test votes for the next 30 days, so people can play a little bit.

The best would be a test mode in the client that's using another backend system. Something like:

- test backend including all valid certs/signatures
- auto open/close of 2-3 votes everyday
- test mode implementation in the client

Should I open a feature request?

Actions #3

Updated by Exception about 14 years ago

  • Category set to Security
  • Target version set to PiVote 1.0.1.0
Actions

Also available in: Atom PDF