What I gathered online is that to use/access a password that I saved using keytool, I need to do the following.
- Use keytool to export the private key
- Use openssl to convert the PKCS12 file to a PEM file
- Set PEM file permission to 600
- In the PHP application, use libraries like openssl or phpseclib to read the private key from the PEM file.
But doesn't the above expose the password? Meaning a hacker could retrieve the password (and my passphrase is in my code) if they get hold of my PEM file when my server is compromised. Is there a more secure way?
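As an added example (not code from the question above), here is the PHP side of the procedure, the step where the application reads the private key from the PEM file, written so that the passphrase is taken from an environment variable rather than hardcoded in the source, and so that the key is refused if the PEM file is not mode 600. The file path and the `PEM_PASSPHRASE` variable name are assumptions for this example; it uses PHP's built-in `openssl_pkey_get_private`. Note that this only limits exposure (no passphrase in the code base, no world-readable key file); anything the application can read at runtime is still readable by an attacker who fully compromises the server, which is exactly the concern raised in the question.

```php
<?php
// Added example, not from the question: load a private key from a PEM file in PHP,
// taking the passphrase from the environment instead of the source code and
// refusing to continue if the file is readable by anyone but its owner.

declare(strict_types=1);

// Returns the key handle (OpenSSLAsymmetricKey on PHP 8, a resource on PHP 7).
function loadPrivateKey(string $pemPath, string $passphraseEnvVar = 'PEM_PASSPHRASE')
{
    if (!is_file($pemPath)) {
        throw new RuntimeException("PEM file not found: $pemPath");
    }

    // Step 3 of the procedure: the file should be mode 600 (owner read/write only).
    $mode = fileperms($pemPath) & 0777;
    if ($mode !== 0600) {
        throw new RuntimeException(sprintf(
            'Refusing to load %s: mode is %04o, expected 0600', $pemPath, $mode
        ));
    }

    // Keep the passphrase out of the code base: read it from the environment
    // (or a secrets manager). An empty or unset value means "no passphrase".
    $passphrase = getenv($passphraseEnvVar);
    $passphrase = ($passphrase === false || $passphrase === '') ? null : $passphrase;

    $pem = file_get_contents($pemPath);
    if ($pem === false) {
        throw new RuntimeException("Unable to read $pemPath");
    }

    $key = openssl_pkey_get_private($pem, $passphrase);
    if ($key === false) {
        // Never include the passphrase in the error; openssl_error_string() gives the reason.
        throw new RuntimeException(
            'Unable to load private key: ' . (openssl_error_string() ?: 'unknown error')
        );
    }
    return $key;
}

// Usage (path and variable name are assumptions for this example):
//   PEM_PASSPHRASE='...' php load_key.php
$key = loadPrivateKey('/etc/myapp/private.pem');
$details = openssl_pkey_get_details($key);
printf("Loaded %d-bit key\n", $details['bits']);
```

The permission check mirrors the `chmod 600` step so that a deployment mistake (for example, a key copied with default 644 permissions) fails loudly at startup instead of silently leaving the key readable to every local account.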