cachegrand currently loads the certificates and private keys directly from a local file. This is not a secure approach: the process memory can be dumped, and an attacker who obtains a dump would have easy access to the private key.
In addition, the current implementation requires the server to be restarted when the certificate is rotated, which is extremely disruptive.
To avoid these scenarios, cachegrand should use the operating system keychain (the Linux kernel keyring) and rely on an external authorized process to update / rotate the certificates / private keys stored in there.
Here is an example of how to populate a keyring (the original snippet used non-existent key types and parent keyring id 0, which `add_key` rejects; both are corrected below and the helpers that read the PEM files are only declared):

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <keyutils.h>   /* link with -lkeyutils */

/* Helpers that load the PEM files into memory and return their length (not shown). */
char *read_the_rsa_certificate_file(size_t *len);
char *read_the_rsa_private_key_file(size_t *len);

int main(void) {
    /* Create a keyring named "localhost" under the session keyring; 0 is not a valid parent id. */
    key_serial_t keyring = add_key("keyring", "localhost", NULL, 0, KEY_SPEC_SESSION_KEYRING);
    if (keyring == -1) {
        perror("add_key keyring");
        exit(EXIT_FAILURE);
    }
    printf("The Keyring id is <%jx>\n", (uintmax_t)keyring);

    size_t rsa_cert_len = 0, rsa_key_len = 0;
    char *rsa_cert = read_the_rsa_certificate_file(&rsa_cert_len);
    char *rsa_key = read_the_rsa_private_key_file(&rsa_key_len);

    /* "user" is the kernel key type; the description names the entry inside the keyring. */
    if (add_key("user", "tls_cert", rsa_cert, rsa_cert_len, keyring) == -1) {
        perror("add_key tls_cert");
        return EXIT_FAILURE;
    }
    printf("Public key added to the keyring\n");

    if (add_key("user", "tls_priv", rsa_key, rsa_key_len, keyring) == -1) {
        perror("add_key tls_priv");
        return EXIT_FAILURE;
    }
    printf("Private key added to the keyring\n");
    return EXIT_SUCCESS;
}
```
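The populating side above is half of the design; the other half is the server reading the material back and noticing a rotation without a restart. The following is an added example, not cachegrand's code: it looks the keys up by description in a keyring, keeps a cached copy, and reports when the content changed so the caller can rebuild its TLS context. Rotation is simulated with `keyctl(KEYCTL_UPDATE)`, which is what an external rotation process would call. Raw syscalls are used so it builds without libkeyutils; the keyring name `cachegrand-tls-demo`, the descriptions `tls_cert` / `tls_priv` and the PEM-looking payloads are constructed for the demo.

```c
/* Added example (not cachegrand's code): consumer side of the keyring design.
 * Assumed names: keyring "cachegrand-tls-demo", keys "tls_cert" and "tls_priv". */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/keyctl.h>

typedef int32_t key_serial_t;

static long kctl(int cmd, long a, long b, long c, long d) {
    return syscall(SYS_keyctl, cmd, a, b, c, d);
}

/* Find the "user" key named `desc` in `ring` and copy its payload into a new
 * buffer (NUL-terminated; *len excludes the NUL). NULL with errno set if the
 * key is absent or the kernel keyring is unavailable. */
static unsigned char *keyring_fetch(key_serial_t ring, const char *desc, size_t *len) {
    long id = kctl(KEYCTL_SEARCH, ring, (long)"user", (long)desc, 0);
    if (id < 0) return NULL;
    for (;;) {
        long need = kctl(KEYCTL_READ, id, 0, 0, 0);            /* size probe */
        if (need < 0) return NULL;
        unsigned char *buf = malloc((size_t)need + 1);
        if (!buf) return NULL;
        long got = kctl(KEYCTL_READ, id, (long)buf, need, 0);
        if (got >= 0 && got <= need) { buf[got] = '\0'; *len = (size_t)got; return buf; }
        explicit_bzero(buf, (size_t)need + 1);                  /* may hold key bytes */
        free(buf);
        if (got < 0) return NULL;
        /* got > need: the key grew between probe and read (a rotation); retry */
    }
}

/* The external rotation process: replace the payload in place, keeping id and perms. */
static int keyring_rotate(key_serial_t ring, const char *desc, const void *pem, size_t len) {
    long id = kctl(KEYCTL_SEARCH, ring, (long)"user", (long)desc, 0);
    if (id < 0) return -1;
    return kctl(KEYCTL_UPDATE, id, (long)pem, (long)len, 0) < 0 ? -1 : 0;
}

struct tls_material { unsigned char *cert, *key; size_t cert_len, key_len; };

/* Private key bytes are wiped, not just freed, once the TLS stack has its own copy. */
static void tls_material_wipe(struct tls_material *m) {
    if (m->key) explicit_bzero(m->key, m->key_len);
    free(m->cert);
    free(m->key);
    memset(m, 0, sizeof *m);
}

/* Reload from the keyring: 1 = changed (rebuild the TLS context), 0 = unchanged,
 * -1 = error. Meant to run on a timer or SIGHUP, not per connection. */
static int tls_material_refresh(struct tls_material *m, key_serial_t ring) {
    struct tls_material n = {0};
    n.cert = keyring_fetch(ring, "tls_cert", &n.cert_len);
    n.key  = keyring_fetch(ring, "tls_priv", &n.key_len);
    if (!n.cert || !n.key) { tls_material_wipe(&n); return -1; }
    int same = m->cert && m->key && n.cert_len == m->cert_len && n.key_len == m->key_len
            && memcmp(n.cert, m->cert, n.cert_len) == 0 && memcmp(n.key, m->key, n.key_len) == 0;
    if (same) { tls_material_wipe(&n); return 0; }
    tls_material_wipe(m);
    *m = n;
    return 1;
}

/* End-to-end run: 0 when the rotation is observed, -1 when the kernel keyring is
 * unavailable (e.g. a container seccomp profile blocking add_key/keyctl), 1 on a
 * logic failure. The payloads are constructed placeholders, not real PEM. */
int demo_rotation(void) {
    struct tls_material m = {0};
    int rc = 1;
    const char *cert1 = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CERT-1\n-----END CERTIFICATE-----\n";
    const char *key1  = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-KEY-1\n-----END PRIVATE KEY-----\n";
    const char *cert2 = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CERT-2-ROTATED\n-----END CERTIFICATE-----\n";
    const char *key2  = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-KEY-2-ROTATED\n-----END PRIVATE KEY-----\n";
    /* A real deployment would use a keyring the rotation process can reach (e.g. the user keyring). */
    key_serial_t ring = (key_serial_t)syscall(SYS_add_key, "keyring", "cachegrand-tls-demo",
                                              NULL, 0, KEY_SPEC_SESSION_KEYRING);
    if (ring < 0) return -1;
    if (syscall(SYS_add_key, "user", "tls_cert", cert1, strlen(cert1), ring) < 0) goto out;
    if (syscall(SYS_add_key, "user", "tls_priv", key1, strlen(key1), ring) < 0) goto out;
    if (tls_material_refresh(&m, ring) != 1) goto out;           /* initial load */
    if (tls_material_refresh(&m, ring) != 0) goto out;           /* nothing rotated yet */
    if (keyring_rotate(ring, "tls_priv", key2, strlen(key2)) != 0) goto out;
    if (keyring_rotate(ring, "tls_cert", cert2, strlen(cert2)) != 0) goto out;
    if (tls_material_refresh(&m, ring) != 1) goto out;           /* rotation picked up */
    if (m.key_len != strlen(key2) || memcmp(m.key, key2, m.key_len) != 0) goto out;
    rc = 0;
out:
    tls_material_wipe(&m);
    kctl(KEYCTL_REVOKE, ring, 0, 0, 0);                          /* demo keyring no longer needed */
    return rc;
}
```

Build with `gcc -o keyring_demo keyring_demo.c` on Linux and call `demo_rotation()`; it returns -1 rather than failing when the sandbox forbids keyring syscalls. One caveat worth keeping in mind for the design: the private key still has to be copied into the TLS library's memory to be used, so the keyring removes the on-disk file and shrinks the window in which plaintext key bytes sit in the process, but it does not make a process dump harmless; that is why the buffer is wiped as soon as the TLS context owns its own copy.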