RE: key storage

[Ajay <abra9823 () mail usyd edu au>]

would you suggest only having the public/private key pair on a removable
media and have all other key stored on the webserver but encrypted using
the public key?

thanks
cheers


Quoting jatkinson <jatkinson () zelvin com>:

> Ajay,
> There are a few options.  Most obvious is that you take the keys and
> place then on a transpotable media and store that media in a secure
> location.  Another possibility would be to use hardware encryption aka
> ncipher.  At lease this is what comes of the top of my head.
>
> jatkinson
>
> -----Original Message-----
> From: Ajay [mailto:abra9823 () mail usyd edu au]
> Sent: Wednesday, August 25, 2004 7:02 AM
> To: webappsec () securityfocus com
> Subject: key storage
>
> hi!
>
> i am building a web application. for client authentication, i am using
> cookies which include the HMAC of the data.
> the server also has a public/private key pair for signing and verifying
> information.
> my question is how should these be stored on the server? encryption is
> the
> best solution, but if i encrypt them with another key, the question is
> where does this key get stored?
>
> in an earlier java app i used the keystore class. but i am working in
> python now
>
> thanks
>
> cheers
> ajay
>
>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.