The idea of storing the keys in the environment is not secure. At the moment they are in plain text in ~/.config/config.fish.
A better solution is this:
- Create a service, EBKeyService, that runs under a user ebkeyservice.
- This service is a special implementation of a server.
- The service will store its certificate in /etc/ssl/certs as ebkeyservicecert.pem
- The service will store its private key in /etc/ssl/private as ebkeyservicekey.pem
- The application server or client uses a private key saved as ~/.ssl/ebserverkey.pem or ~/.ssl/ebclientkey.pem
- The application server or client uses a certificate saved under ~/.ssl/ebservercert.pem or ~/.ssl/ebclientcert.pem
- Upon launch, the client or server will establish a connection with the EBKeyService using the credentials stored in ~/.ssl and will request the true private key.
- This private key will be used in combination with the certificate stored in ~/.ssl to communicate to the server or client.
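The retrieval step in the last two bullets, as an added example that is not part of the original note: the service requires a client certificate, verifies it against the pinned bootstrap certificate, and releases only the key mapped to the verified identity. Certificates are generated in memory here in place of the PEM files under /etc/ssl and ~/.ssl, and the key values and the ebserver/ebclient identity names are constructed placeholders.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)
// Which verified client identity may receive which key (constructed placeholders, not real keys).
var keyStore = map[string]string{"ebserver": "PLACEHOLDER-SERVER-KEY", "ebclient": "PLACEHOLDER-CLIENT-KEY"}
// selfSigned builds an in-memory cert/key pair standing in for the PEM files under /etc/ssl and ~/.ssl.
func selfSigned(cn string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}
// pool turns one certificate into a trust store: each side pins exactly the peer it expects.
func pool(c tls.Certificate) *x509.CertPool { p := x509.NewCertPool(); p.AddCert(c.Leaf); return p }
// FetchKey plays both ends over an in-memory pipe: the service requires and verifies the client certificate, then releases only the key mapped to the verified CommonName.
func FetchKey(clientCN string) (string, error) {
	svc, client := selfSigned("ebkeyservice"), selfSigned(clientCN)
	a, b := net.Pipe()
	go func() { // EBKeyService side
		s := tls.Server(a, &tls.Config{Certificates: []tls.Certificate{svc},
			ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool(client)})
		defer s.Close()
		if err := s.Handshake(); err != nil { return }
		cn := s.ConnectionState().PeerCertificates[0].Subject.CommonName
		k, ok := keyStore[cn]
		if !ok { k = "DENIED" } // authenticated, but not authorised for any key
		io.WriteString(s, k)
	}()
	c := tls.Client(b, &tls.Config{Certificates: []tls.Certificate{client},
		RootCAs: pool(svc), ServerName: "ebkeyservice"})
	defer c.Close()
	out, err := io.ReadAll(c)
	return string(out), err
}
func main() { fmt.Println(FetchKey("ebserver")) }
```

The bootstrap key under ~/.ssl is still an unencrypted file, so its ownership and permissions matter as much as those of the service's own key; the gain is that the true key never rests on the application host's disk and every release of it passes through one auditable service.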