| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | David Wall <d(dot)wall(at)computer(dot)org> |
| Cc: | Naoko Reeves <naoko(at)lawlogix(dot)com>, Merlin Moncure <mmoncure(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Where do you store key for encryption |
| Date: | 2009-11-29 02:50:32 |
| Message-ID: | 200911290250.nAT2oWB18946@momjian.us |
| Lists: | pgsql-general |

David Wall wrote:
> In our open-esignforms project we use a layered approach for keys in
> which we have a boot key for the application that requires dual
> passwords which we then combine into a single password for PBE
> encryption of the boot key. We then have session keys that are
> encrypted with the boot key, and the session keys are used to encrypt
> one-up keys for encrypted blobs.
>
> In your case, you could encrypt your key using PBE assuming you have a
> way to provide the password to unlock it. This would allow you to
> protect the key with a password, which is the most basic way to go if
> you don't have a keystore to use.

I covered this a little bit in my recent security presentation:
http://momjian.us/main/presentations.html#securing
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
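
The layered scheme described in the quoted text, sketched in Java as an added example; it is not code from this message or from the open-esignforms project. It shows two passwords feeding PBE to wrap a boot key, the boot key wrapping a session key, and the session key wrapping a per-blob key. Assumptions: PBKDF2-HMAC-SHA256 and AES-GCM are chosen here (the post names only PBE), "one-up keys" is read as one key per blob, and the class name, method names, passwords and blob are constructed for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class LayeredKeys {
    static final SecureRandom RNG = new SecureRandom();
    // PBE layer: derive a 256-bit key from the two operators' passwords with PBKDF2.
    // Assumption: passwords are joined with a NUL separator; the post does not say how.
    static SecretKey pbeKey(String pw1, String pw2, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec((pw1 + '\0' + pw2).toCharArray(), salt, 600_000, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }
    // AES-GCM encrypt; output is a 12-byte random nonce followed by ciphertext and tag.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }
    // AES-GCM decrypt; throws AEADBadTagException on a wrong key or modified data.
    static byte[] open(SecretKey key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }
    static SecretKey aes(byte[] raw) { return new SecretKeySpec(raw, "AES"); }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16], boot = new byte[32], session = new byte[32], blobKey = new byte[32];
        for (byte[] buf : new byte[][] {salt, boot, session, blobKey}) RNG.nextBytes(buf);
        // Provisioning: each layer is stored only in wrapped form (constructed sample values).
        byte[] wBoot = seal(pbeKey("operator-one-pw", "operator-two-pw", salt), boot);
        byte[] wSession = seal(aes(boot), session);
        byte[] wBlobKey = seal(aes(session), blobKey);
        byte[] blob = seal(aes(blobKey), "signed form data".getBytes(StandardCharsets.UTF_8));
        // Startup: both passwords unlock the boot key, which unlocks everything below it.
        byte[] b = open(pbeKey("operator-one-pw", "operator-two-pw", salt), wBoot);
        byte[] k = open(aes(open(aes(b), wSession)), wBlobKey);
        System.out.println(new String(open(aes(k), blob), StandardCharsets.UTF_8));
    }
}
```

Only the salt and the wrapped keys need to be stored next to the data; changing either password means re-wrapping the boot key alone, not re-encrypting any blob.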