diff --git a/libretroshare/src/pqi/authgpg.cc b/libretroshare/src/pqi/authgpg.cc
index 37cc2aa29..f00f7fb24 100644
--- a/libretroshare/src/pqi/authgpg.cc
+++ b/libretroshare/src/pqi/authgpg.cc
@@ -1343,6 +1343,36 @@ bool	GPGAuthMgr::getPGPAllList(std::list<std::string> &ids)
 	return true;
 }
 
+bool 	GPGAuthMgr::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
+	RsStackMutex stack(pgpMtx); /******* LOCKED ******/
+
+	if (GPG_ERR_NO_ERROR != gpgme_op_decrypt (CTX, CIPHER, PLAIN))
+	{
+		std::cerr << "Error decrypting text";
+		std::cerr << std::endl;
+		return false;
+	}
+
+
+	return true;
+}
+
+bool 	GPGAuthMgr::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
+	RsStackMutex stack(pgpMtx); /******* LOCKED ******/
+
+	gpgme_encrypt_flags_t* flags = new gpgme_encrypt_flags_t();
+
+	if (GPG_ERR_NO_ERROR != gpgme_op_encrypt(CTX, NULL, *flags, PLAIN, CIPHER))
+	{
+		std::cerr << "Error encrypting text";
+		std::cerr << std::endl;
+		return false;
+	}
+
+
+	return true;
+}
+
 bool	GPGAuthMgr::getPGPAuthenticatedList(std::list<std::string> &ids)
 {
 	RsStackMutex stack(pgpMtx); /******* LOCKED ******/
diff --git a/libretroshare/src/pqi/authgpg.h b/libretroshare/src/pqi/authgpg.h
index 2ca4b499e..72727e4cc 100644
--- a/libretroshare/src/pqi/authgpg.h
+++ b/libretroshare/src/pqi/authgpg.h
@@ -176,6 +176,8 @@ class GPGAuthMgr: public AuthSSL
  	bool	isPGPValid(std::string id);
  	bool	isPGPAuthenticated(std::string id);
  	bool	getPGPDetails(std::string id, pqiAuthDetails &details);
+	bool 	decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
+	bool	encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
 
 /*********************************************************************************/
 /************************* STAGE 4 ***********************************************/
diff --git a/libretroshare/src/pqi/p3authmgr.h b/libretroshare/src/pqi/p3authmgr.h
index b41c95ae2..ce0c24d71 100644
--- a/libretroshare/src/pqi/p3authmgr.h
+++ b/libretroshare/src/pqi/p3authmgr.h
@@ -29,6 +29,7 @@
 #include <list>
 #include <map>
 #include <string>
+#include <gpgme.h>
 
 /************** GENERIC AUTHENTICATION MANAGER ***********
  * Provides a common interface for certificates.
@@ -111,8 +112,9 @@ virtual void addTrustingPeer(std::string id) = 0;
 
 		/* Extra Fns for PGP, call std versions if not overloaded */
 virtual std::string PGPOwnId() { return OwnId(); }
-virtual bool    getPGPAllList(std::list<std::string> &ids) { return getAllList(ids); };
-
+virtual bool    getPGPAllList(std::list<std::string> &ids) { return getAllList(ids); }
+virtual bool	encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) { return 0; }
+virtual bool    decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) { return 0; }
 		/* Load/Save certificates */
 
 virtual bool LoadCertificateFromString(std::string pem, std::string &id)  = 0;
diff --git a/libretroshare/src/rsserver/rsinit.cc b/libretroshare/src/rsserver/rsinit.cc
index dd3568db6..ea29e9887 100644
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@@ -97,7 +97,9 @@ class RsInitConfig
                 static std::string configDir;
                 static std::string load_cert;
                 static std::string load_key;
-                static std::string passwd;
+		static std::string ssl_passphrase_file;
+
+		static std::string passwd;
 
                 static bool havePasswd;                 /* for Commandline password */
                 static bool autoLogin;                  /* autoLogin allowed */
@@ -145,6 +147,8 @@ std::string RsInitConfig::preferedId;
 std::string RsInitConfig::configDir;
 std::string RsInitConfig::load_cert;
 std::string RsInitConfig::load_key;
+std::string RsInitConfig::ssl_passphrase_file;
+
 std::string RsInitConfig::passwd;
 //std::string RsInitConfig::gpgPasswd;
 
@@ -1230,7 +1234,8 @@ bool     RsInit::LoadPassword(std::string id, std::string inPwd)
         // Create the filename.
         std::string basename = RsInitConfig::configDir + RsInitConfig::dirSeperator;
         basename += configKeyDir + RsInitConfig::dirSeperator;
-        basename += "user";
+	RsInitConfig::ssl_passphrase_file  = basename + "ssl_passphrase.pgp";
+	basename += "user";
 
         RsInitConfig::load_key  = basename + "_pk.pem";
         RsInitConfig::load_cert = basename + "_cert.pem";
@@ -1260,12 +1265,6 @@ int RsInit::LoadCertificates(bool autoLoginNT)
 	  return 0;
 	}
 
-	if ((!RsInitConfig::havePasswd) || (RsInitConfig::passwd == ""))
-	{
-	  std::cerr << "RetroShare needs a Password" << std::endl;
-	  return 0;
-	}
-
 	//std::string ca_loc = RsInitConfig::basedir + RsInitConfig::dirSeperator;
 	//ca_loc += configCaFile;
 
@@ -1296,7 +1295,57 @@ int RsInit::LoadCertificates(bool autoLoginNT)
   #else /* X509 Certificates */
   /**************** PQI_USE_XPGP ******************/
 	/* The SSL / SSL + PGP version requires, SSL init + PGP init.  */
-	if (0 < authMgr -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(),RsInitConfig::passwd.c_str()))
+	const char* sslPassword;
+	sslPassword = RsInitConfig::passwd.c_str();
+	//check if password is already in memory
+	if ((RsInitConfig::havePasswd) && (RsInitConfig::passwd != ""))
+	{
+		std::cerr << "RetroShare have a ssl Password" << std::endl;
+		sslPassword = RsInitConfig::passwd.c_str();
+
+		std::cerr << "let's store the ssl Password into a pgp ecrypted file" << std::endl;
+		FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "w");
+		std::cerr << "opening sslPassphraseFile. : " << RsInitConfig::ssl_passphrase_file.c_str() << std::endl;
+		gpgme_data_t cipher;
+		gpgme_data_t plain;
+		gpgme_data_new_from_mem(&plain, sslPassword, sizeof(sslPassword), 0);
+		gpgme_error_t error_reading_file = gpgme_data_new_from_stream (&cipher, sslPassphraseFile);
+		if (0 < authMgr->encryptText(plain, cipher)) {
+		    std::cerr << "Encrypting went ok !" << std::endl;
+		}
+		gpgme_data_release (cipher);
+		gpgme_data_release (plain);
+		fclose(sslPassphraseFile);
+		std::cerr << "sslPassword : " << sslPassword << std::endl;
+
+	} else {
+		//let's read the password from an encrypted file
+		//let's check if there's a ssl_passpharese_file that we can decrypt with PGP
+		FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "r");
+		if (sslPassphraseFile == NULL)
+		{
+			std::cerr << "No password povided, and no sslPassphraseFile." << std::endl;
+			return 0;
+		} else {
+			std::cerr << "opening sslPassphraseFile." << std::endl;
+			gpgme_data_t cipher;
+			gpgme_data_t plain;
+			gpgme_data_new (&plain);
+			gpgme_error_t error_reading_file = gpgme_data_new_from_stream (&cipher, sslPassphraseFile);
+			if (0 < authMgr->decryptText(cipher, plain)) {
+			    std::cerr << "Decrypting went ok !" << std::endl;
+			    sslPassword = gpgme_data_release_and_get_mem(plain, NULL);
+			} else {
+			    gpgme_data_release (plain);
+			    std::cerr << "Error : decrypting went wrong !" << std::endl;
+			}
+			gpgme_data_release (cipher);
+			fclose(sslPassphraseFile);
+		}
+	}
+
+	std::cerr << "RsInitConfig::load_key.c_str() : " << RsInitConfig::load_key.c_str() << std::endl;
+	if (0 < authMgr -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(), sslPassword))
 	{
 		ok = true;
 	}