WebApp Sec mailing list archives
RE: key storage
From: Ajay <abra9823 () mail usyd edu au>
Date: Thu, 26 Aug 2004 11:11:17 +1000
would you suggest only having the public/private key pair on a removable media and have all other key stored on the webserver but encrypted using the public key? thanks cheers Quoting jatkinson <jatkinson () zelvin com>:
Ajay, There are a few options. Most obvious is that you take the keys and place then on a transpotable media and store that media in a secure location. Another possibility would be to use hardware encryption aka ncipher. At lease this is what comes of the top of my head. jatkinson -----Original Message----- From: Ajay [mailto:abra9823 () mail usyd edu au] Sent: Wednesday, August 25, 2004 7:02 AM To: webappsec () securityfocus com Subject: key storage hi! i am building a web application. for client authentication, i am using cookies which include the HMAC of the data. the server also has a public/private key pair for signing and verifying information. my question is how should these be stored on the server? encryption is the best solution, but if i encrypt them with another key, the question is where does this key get stored? in an earlier java app i used the keystore class. but i am working in python now thanks cheers ajay ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Current thread:
- key storage Ajay (Aug 25)
- RE: key storage jatkinson (Aug 25)
- RE: key storage Ajay (Aug 26)
- RE: key storage Ajay (Aug 26)
- Re: key storage George Capehart (Aug 26)
- Re: key storage George Capehart (Aug 27)
- RE: key storage jatkinson (Aug 25)
- <Possible follow-ups>
- RE: key storage Brown, James F. (Aug 27)
- RE: key storage Ajay (Aug 28)
- RE: key storage Brown, James F. (Aug 30)
- RE: key storage Ajay (Aug 30)
- RE: key storage Brown, James F. (Aug 30)
- RE: key storage Scovetta, Michael V (Aug 31)
- RE: key storage Roman Fail (Aug 31)