WebApp Sec mailing list archives

RE: key storage


From: "jatkinson" <jatkinson () zelvin com>
Date: Wed, 25 Aug 2004 20:14:22 -0400

Ajay, 
There are a few options.  Most obvious is that you take the keys and
place them on a transportable media and store that media in a secure
location.  Another possibility would be to use hardware encryption aka
nCipher.  At least this is what comes off the top of my head.  

jatkinson

-----Original Message-----
From: Ajay [mailto:abra9823 () mail usyd edu au] 
Sent: Wednesday, August 25, 2004 7:02 AM
To: webappsec () securityfocus com
Subject: key storage

hi!

i am building a web application. for client authentication, i am using
cookies which include the HMAC of the data.
the server also has a public/private key pair for signing and verifying
information.
my question is how should these be stored on the server? encryption is
the best solution, but if i encrypt them with another key, the question
is where does this key get stored?

in an earlier java app i used the keystore class. but i am working in
python now

thanks

cheers
ajay
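
An added example, not part of either message: one way a Python application could load the cookie HMAC key from a file kept outside the application tree (for instance on the separately stored media the reply suggests), refusing a file that other accounts can access, and then sign and verify cookies with it. The file name, the `data|tag` cookie layout and the choice of HMAC-SHA256 are assumptions; the signing key pair and hardware key storage are not covered.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def load_key(path):
    """Read the HMAC key; refuse a file that other accounts can access."""
    fd = os.open(path, os.O_RDONLY)
    try:
        st = os.fstat(fd)  # check the descriptor we will read, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: accessible by group or others")
        key = os.read(fd, 4096)
    finally:
        os.close(fd)
    if len(key) < 32:
        raise ValueError(f"{path}: key shorter than 32 bytes")
    return key


def sign_cookie(key, data):
    """Return 'data|hex(HMAC-SHA256(key, data))' (assumed cookie layout)."""
    tag = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    return f"{data}|{tag}"


def verify_cookie(key, cookie):
    """Return the data if the tag matches, else None."""
    data, sep, tag = cookie.rpartition("|")
    if not sep:
        return None
    expected = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; compare_digest rejects non-ASCII str.
    ok = hmac.compare_digest(expected.encode(), tag.encode())
    return data if ok else None


if __name__ == "__main__":
    # Constructed demo: a throwaway key file standing in for the real one.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cookie-hmac.key")  # hypothetical file name
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.write(fd, os.urandom(32))
        os.close(fd)
        key = load_key(path)
        cookie = sign_cookie(key, "user=ajay;exp=1093478400")
        print(verify_cookie(key, cookie))
        print(verify_cookie(key, cookie.replace("ajay", "root")))
```

The permission check only narrows who on the host can read the key; a process running as the web application's own account can still read it, which is the gap the hardware option in the reply addresses.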




