
RE: key storage

Subject: RE: key storage
Date: Thu, 26 Aug 2004 11:11:17 +1000
would you suggest only having the public/private key pair on a removable
media and have all other keys stored on the webserver but encrypted using
the public key?

thanks
cheers


Quoting jatkinson <jatkinson@zelvin.com>:

Ajay,
There are a few options.  Most obvious is that you take the keys and
place them on a transportable media and store that media in a secure
location.  Another possibility would be to use hardware encryption aka
nCipher.  At least this is what comes off the top of my head.

jatkinson

-----Original Message-----
From: Ajay [mailto:abra9823@mail.usyd.edu.au]
Sent: Wednesday, August 25, 2004 7:02 AM
To: webappsec@securityfocus.com
Subject: key storage

hi!

i am building a web application. for client authentication, i am using
cookies which include the HMAC of the data.
the server also has a public/private key pair for signing and verifying
information.
my question is how should these be stored on the server? encryption is
the best solution, but if i encrypt them with another key, the question is
where does this key get stored?

in an earlier java app i used the keystore class. but i am working in
python now

thanks

cheers
ajay





----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
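
Added example, not part of the thread: the cookie scheme from the original post (a cookie carrying an HMAC of its data) in Python, with the HMAC key read from a file kept outside the application, as the reply suggests for removable media. The file name, the `data|hexmac` cookie layout, the sample cookie value and the owner-only permission check are assumptions of this example; a temporary file stands in for the mounted media.

```python
import hashlib
import hmac
import os
import secrets
import stat
import tempfile

def load_key(path):
    """Read the HMAC key, refusing a file that group or others can access."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode) or st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: must be a regular, owner-only file (chmod 600)")
    with open(path, "rb") as fh:
        key = fh.read()
    if len(key) < 32:
        raise ValueError("key shorter than 32 bytes")
    return key

def sign_cookie(key, data):
    """Return 'data|hexmac', where hexmac is HMAC-SHA256(key, data)."""
    mac = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    return f"{data}|{mac}"

def verify_cookie(key, cookie):
    """Return the cookie data if its MAC is valid, otherwise None."""
    data, sep, mac = cookie.rpartition("|")
    expected = hmac.new(key, data.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so a malformed MAC cannot raise.
    ok = bool(sep) and hmac.compare_digest(mac.encode(), expected.encode())
    return data if ok else None

def demo():
    """Constructed demo: a temp directory stands in for the key media."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cookie-hmac.key")  # hypothetical file name
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(secrets.token_bytes(32))
        key = load_key(path)
        cookie = sign_cookie(key, "user=alice;exp=1093482677")  # constructed value
        tampered = cookie.replace("user=alice", "user=root")
        os.chmod(path, 0o644)  # loosen permissions: loading must now fail
        try:
            load_key(path)
            rejected = False
        except PermissionError:
            rejected = True
        return verify_cookie(key, cookie), verify_cookie(key, tampered), rejected

if __name__ == "__main__":
    print(demo())
```

The key has to be readable by the server process whenever it signs or verifies a cookie, so in this arrangement the media protects the key only while it is unmounted or the process is not running.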



