key storage
Paul Rubin
Thu Aug 26 21:32:34 EDT 2004
Ajay <abra9823 at mail.usyd.edu.au> writes:
> My question is how should these be stored on the server? Encryption is
> the best solution, but if I encrypt them with another key, the question is
> where does this key get stored?
It's a hard problem. Really serious systems use crypto coprocessors
with hardware-encapsulated keys. A cheesy substitute is to store the
keys in a running process on the same server, that your cgi connects
to through an AF_UNIX socket when it wants to encrypt something. I
have a Python module that does stuff like that. You enter a
passphrase when you start the process, and then it keeps running. Of
course you have to re-enter the passphrase on reboot or something like
that.
Slightly out-of-date docs are at:
http://www.nightsong.com/phr/crypto/crypto.txt
I never released this thing but I guess I could do so pretty soon. I
will not make any promises about its security.
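Added example, not Paul Rubin's module (whose code is not on this page) and not part of the original post: a stdlib-only Python sketch of the architecture described above. A long-running agent derives the data-encryption key from a passphrase given once at start-up, keeps it only in memory, and answers encrypt/decrypt requests from the CGI over an AF_UNIX socket, so no key file sits next to the web code. Everything here is an assumption of the example: the function and class names, the 4-byte length-prefixed framing, PBKDF2 as the passphrase KDF with a constructed salt, an HMAC-SHA256 counter-mode keystream plus HMAC tag (encrypt-then-MAC) standing in for a real AEAD such as AES-GCM, and the two access checks a practitioner would add on top of the socket itself: the socket node is created mode 0600, and on Linux the agent verifies the connecting process's uid via SO_PEERCRED.

```python
import contextlib, hashlib, hmac, os, socket, struct, tempfile, threading

def derive_key(passphrase, salt=b"constructed-salt"):
    # Slow KDF: the passphrase is typed once at start-up; the key lives only in RAM.
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000, dklen=32)

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as the keystream (stand-in for a real cipher).
    out, i = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
        i += 1
    return bytes(a ^ b for a, b in zip(data, out))

def seal(key, plaintext):
    # Separate encryption and MAC subkeys derived from the agent's master key.
    enc_k, mac_k = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = _xor_stream(enc_k, nonce, plaintext)
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_k, mac_k = (hmac.new(key, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")      # tampered, truncated or wrong key: refuse
    return _xor_stream(enc_k, nonce, ct)

def _recv_exact(conn, n):
    buf = conn.recv(n, socket.MSG_WAITALL) if n else b""
    if len(buf) != n:
        raise ConnectionError("peer closed early")
    return buf

def send_frame(conn, data):
    conn.sendall(struct.pack(">I", len(data)) + data)

def recv_frame(conn):
    (n,) = struct.unpack(">I", _recv_exact(conn, 4))
    if n > 1 << 20:                      # refuse oversized requests instead of buffering them
        raise ValueError("frame too large")
    return _recv_exact(conn, n)

class KeyAgent:
    # The long-running process: holds the key and answers one request per connection.
    def __init__(self, passphrase, sock_path):
        self._key = derive_key(passphrase)            # never written to disk
        self._srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        old = os.umask(0o177)                         # socket node is created mode 0600
        try:
            self._srv.bind(sock_path)
        finally:
            os.umask(old)
        self._srv.listen(8)
        threading.Thread(target=self._serve, daemon=True).start()
    def _peer_ok(self, conn):
        # Linux: SO_PEERCRED gives the caller's uid; insist it is ours. Elsewhere only the 0600 node protects.
        if not hasattr(socket, "SO_PEERCRED"):
            return True
        creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
        return struct.unpack("3i", creds)[1] == os.getuid()
    def handle(self, request):
        op, payload = request[:1], request[1:]
        try:
            if op == b"E":
                return seal(self._key, payload)
            if op == b"D":
                return unseal(self._key, payload)
        except ValueError:
            pass
        return b""                                    # unknown op or bad tag: "rejected"
    def _serve(self):
        while True:
            try:
                conn, _ = self._srv.accept()
            except OSError:
                return                                # listening socket closed
            with conn, contextlib.suppress(OSError, ValueError):   # bad client: drop it only
                if self._peer_ok(conn):
                    send_frame(conn, self.handle(recv_frame(conn)))
    def close(self):
        path = self._srv.getsockname()
        self._srv.close()
        os.unlink(path)

def agent_request(sock_path, op, payload):
    # What the CGI does: connect, ask, read the answer; it never sees the key.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        send_frame(c, op + payload)
        return recv_frame(c)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "agent.sock")
    agent = KeyAgent(b"passphrase typed at start-up", path)      # constructed passphrase
    ct = agent_request(path, b"E", b"constructed secret: 4111-1111-1111-1111")
    pt = agent_request(path, b"D", ct)
    rejected = agent_request(path, b"D", ct[:-1] + bytes([ct[-1] ^ 1]))   # corrupted tag
    agent.close()
    return ct, pt, rejected
```

Run demo() to see the round trip: the CGI side gets ciphertext back for "E", the plaintext back for "D" on an intact blob, and an empty reply for a blob whose tag was flipped. Note what the design does and does not buy: a compromise that reads files on the server gets no key, but an attacker who can run code as the same uid can still ask the agent to decrypt, which is why the peer-uid check and the 0600 socket node matter and why the agent should run as a dedicated account rather than the web server's. The passphrase still has to be re-entered after a reboot, exactly as the post says.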