Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added -password flag to allow specifying of PKCS#12 password #58

Closed
wants to merge 1 commit into from
Closed

Added -password flag to allow specifying of PKCS#12 password #58

wants to merge 1 commit into from

Conversation

neoKushan
Copy link

@neoKushan neoKushan commented Aug 15, 2018
edited
Loading

Hi,

I didn't like that the PKCS#12 support didn't allow you to specify the password, so I added a flag to pass in your own. I also updated the usage text as it was not immediately obvious what the default password even was.

I've never touched Go before, so apologies if I've made a mistake. Feel free to feedback on anything that should have been done differently.

I've signed the CLA as well.

@neoKushan
Copy link
Author

Hi,

This PR has been open for over a month now, is there an issue with it or something I need to change?

@FiloSottile FiloSottile mentioned this pull request Sep 26, 2018
Closed
@prabirshrestha
Copy link

+1 I would also be interested in this custom password. IIS import requires password, so not having to use the default password 'changeit' would be great.

@adamdecaf
Copy link
Contributor

cc @FiloSottile

@neoKushan
Copy link
Author

From reading #75 , it looks as though @FiloSottile has issues with there being too much configuration involved in the tool, which is possibly a fair criticism. That said, it would have been nice for him to respond to this PR to say as much.

This does raise a thought, though. The default password of "changeit" is a poor choice, given that you can't change it and implies that you can. If my PR is genuinely of no value then that's fine, but the default password should at least be changed to something like "password" to be less misleading.

The problem is that this could break people's workflows, particularly as the tool didn't make it obvious what the default password was previously. Which kind of leads me back to the original PR - if changing the default password is a potentially breaking change and the default password is a little misleading, a concession would be to allow the user to actually change it.

@FiloSottile
Copy link
Owner

Thank you for the PR. I went the way of documenting the current value instead because PKCS#12 encryption is a legacy artifact that should be ignored as a compatibility quirk: it employs relics from another time like RC2, 3DES and SHA-1.

I don't want anyone thinking PKCS#12 is better because they get to set a password with it, we only support it for compatibility. And since compatibility is the goal, we are stuck with the silly changeit value, because certain systems hardcoded it.

@adamdecaf adamdecaf mentioned this pull request Jan 22, 2019
Closed
@adamdecaf adamdecaf mentioned this pull request Feb 7, 2019
Closed
@adamdecaf adamdecaf mentioned this pull request Feb 22, 2019
Closed
@nevi-me nevi-me mentioned this pull request Jul 24, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@neoKushan @prabirshrestha @adamdecaf @FiloSottile