key storage

Ajay

hi!
I am building a web application. For client authentication, I am using
cookies which include the HMAC of the data.
The server also has a public/private key pair for signing and verifying
information.
My question is how should these be stored on the server? Encryption is
the best solution, but if I encrypt them with another key, the question is
where does this key get stored?
I am using SunOS. The problem is I don't have access to the webserver. My
web application consists of a number of Python scripts that allow you to
create user models.
Thus there is no application start or end, and all state (including keys
used) must be stored in files which are read when a request is made.
If I could actually configure the server (or if I had written my own server
app) I could make it read a set of keys (or a passphrase) from a file
(stored on removable media) at startup and use those. The media itself
could be removed.
But I can't really do that with a whole lot of CGI scripts, can I?
Since the webserver is Apache, I think I should look at what features it
offers in such a situation - I was hoping someone would have come across
this problem before and solved it.

cheers
 
Paul Rubin

Ajay said:
My question is how should these be stored on the server? Encryption is
the best solution, but if I encrypt them with another key, the question is
where does this key get stored?

It's a hard problem. Really serious systems use crypto coprocessors
with hardware-encapsulated keys. A cheesy substitute is to store the
keys in a running process on the same server, that your CGI connects
to through an AF_UNIX socket when it wants to encrypt something. I
have a Python module that does stuff like that. You enter a
passphrase when you start the process, and then it keeps running. Of
course you have to re-enter the passphrase on reboot or something like
that.

Slightly out-of-date docs are at:

http://www.nightsong.com/phr/crypto/crypto.txt

I never released this thing but I guess I could do so pretty soon. I
will not make any promises about its security.