WebApp Sec mailing list archives

key storage

From: Ajay <abra9823 () mail usyd edu au>
Date: Wed, 25 Aug 2004 21:02:12 +1000

hi!

i am building a web application. for client authentication, i am using
cookies which include the HMAC of the data.
the server also has a public/private key pair for signing and verifying
information.
my question is how should these be stored on the server? encryption is the
best solution, but if i encrypt them with another key, the question is
where does this key get stored?

in an earlier java app i used the keystore class. but i am working in
python now

thanks

cheers
ajay





----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Current thread:

key storage Ajay (Aug 25)
- RE: key storage jatkinson (Aug 25)
  - RE: key storage Ajay (Aug 26)
  - RE: key storage Ajay (Aug 26)
    - Re: key storage George Capehart (Aug 26)
    - Re: key storage George Capehart (Aug 27)
- <Possible follow-ups>
- RE: key storage Brown, James F. (Aug 27)
  - RE: key storage Ajay (Aug 28)
- RE: key storage Brown, James F. (Aug 30)
  - RE: key storage Ajay (Aug 30)
- RE: key storage Brown, James F. (Aug 30)

(Thread continues...)