On Fri, Jan 02, 2004 at 12:55:12PM +0100, Syver Enstad wrote:

I have a twistd daemon that runs a custom application (.tap). When starting up the daemon I have to enter the root password and a passphrase for SSL interactively from the console (the app runs a twisted web server for HTTP and HTTPS).

Because I want to do some automatic maintenace tasks I need to be able to start and stop the daemon from a script. Unfortunately I have little knowledge of Linux and the twistd daemon/application and need some input on how to attack this problem.

Requiring the passphrase to decrypt the SSL certificate is a measure of security. It makes it more difficult for attackers to trick your users into thinking the attacker is you, by rendering the certificate useless in the absense of the passphrase. If the passphrase is sitting in a plaintext file somewhere, waiting to be used by the script that restarts your daemon, this security is negated - attackers need now only read the script in addition to copying the certificate. If the passphrase is stored encrypted, then this could be avoided, but then you would have to type in a passphrase to decrypt that. Of course, you could store that passphrase in a file.... Hopefully you see where this is leading. Choose security or convenience here (there is a third alternative - come up with a new system that is both secure and convenient). If you want security, you can't automate this process; if you want convenience, you may as well store the certificate plaintext, because you're buying little by encrypting it and leaving a passphrase lying around for anyone to use. Lateral thinking may produce an acceptable solution - for example, wrap the twistd restarter in a native setuid root executable, store the certificate plaintext and readable only as root. (Still if the filesystem is stolen, the certificate has been compromised. But an encrypted filesystem alleviates this problem.) Hope this helps, Jp