Does anyone know how "secret" the password used to encrypt the private key that Mercury uses in it's cryptlib interface is? I wrote a C# program to import an OpenSSL certificate/private key into the PKCS #15 file that cryptlib uses that I think others might find of use. But, since it's un-obfuscated C#, and such a small program, it's much easier to discover the private key used from it than by looking at Mercury, a much larger C/C++ program.
I had previously been using stunnel which worked well for many years; but, an increasing amount of mail was incorrectly being marked as possible spam by SpamAssassin. Something easily resolved by having clients connect directly to Mercury and whitelisting certain IP addresses. I use a self-signed certificate created in OpenSSL and didn't want to distribute a new one, thus the reason for creating the import program.
Does anyone know how "secret" the password used to encrypt the private key that Mercury uses in it's cryptlib interface is?  I wrote a C# program to import an OpenSSL certificate/private key into the PKCS #15 file that cryptlib uses that I think others might find of use.  But, since it's un-obfuscated C#, and such a small program, it's much easier to discover the private key used from it than by looking at Mercury, a much larger C/C++ program.
I had previously been using stunnel which worked well for many years; but, an increasing amount of mail was incorrectly being marked as possible spam by SpamAssassin.  Something easily resolved by having clients connect directly to Mercury and whitelisting certain IP addresses.  I use a self-signed certificate created in OpenSSL and didn't want to distribute a new one, thus the reason for creating the import program.