4

I'm using cURL to fetch from an HTTPS location, which requires a client certificate. I have my .curlrc set up to tell cURL where it is, but I don't want to leave my unencrypted private key just lying around. So every time I use it, cURL prompts me for the certificate password.

A lot of other utilities hook into some kind of platform-specific keyring (the native one in OSX, gnome-keyring in Linux, etc.) -- is there a hook like this for cURL? Is there any other way to have cURL get my private key on a per-shell / per-session basis rather than prompting every time?

Coderer

1 Answer

2

Private keys stored in GNOME Keyring (not key passwords, but the keys themselves) can be accessed using a standard PKCS#11 interface, preferably through p11-kit (pkcs11 module libp11-kit.so). This can be used from various programs.

However, curl unfortunately does not appear to support PKCS11 modules, even though the OpenSSL library itself is able to use them. This might have something to do with some distros building curl with GnuTLS or NSS instead...

grawity