Re: Where do you store key for encryption

David Wall wrote:
> In our open-esignforms project we use a layered approach for keys in
> which we have a boot key for the application that requires dual
> passwords which we then combine into a single password for PBE
> encryption of the boot key.  We then have session keys that are
> encrypted with the boot key, and the session keys are used to encrypt
> one-up keys for encrypted blobs.
>
> In your case, you could encrypt your key using PBE assuming you have a
> way to provide the password to unlock it.  This would allow you to
> protect the key with a password, which is the most basic way to go if
> you don't have a keystore to use.

I covered this a little bit in my recent security presentation:

    http://momjian.us/main/presentations.html#securing

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +