Security Basics mailing list archives

Re: Regarding Private key


From: Stefan Castille <stefan.castille () custodix com>
Date: Wed, 17 Jun 2009 17:18:31 +0200

I would propose the following solution.

1) get a USB smartcard token (e.g. eGate) and store the key there. They are inexpensive and should do the trick. That way you can only encrypt and decrypt the message if you are in possession of the physical token and know the PIN passphrase. This will also mean that failed attempts to decrypt the file will be noticed (your smartcard will be locked).

2) decrypt and encrypt the file on a memory filesystem so it is never stored on disk

3) enable encryption for the swap partition

With kind regards,
Stefan Castille

stefan.castille () custodix com
+32 9 210 78 91

On 17 Jun 2009, at 11:38, Manmeet Singh wrote:


Hi all,
I am facing a very tedious problem. I want to know what the various options are and how secure these options are.

I have a file that contains plaintext. I have to read that file and, after the first read, encrypt it (AES), delete the plain text file and save the encrypted file. On subsequent reboots, I have to read the decrypted text.

Now the question is: how do I manage the AES key?
Storing the AES key/IV in a file is one option? (Isn't it the same as storing the plain key, assuming I don't have any secure storage?)
Hard code the AES key/IV values in the code?
What other options are possible?


Warm Regards,
Manmeet Singh
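Points 2 and 3 of the reply above only help if the scratch directory really is memory-backed and every active swap device is dm-crypt-backed. The following pre-flight check is an added example (not code from either poster): it parses text in the /proc/self/mounts and /proc/swaps formats, and assumes that encrypted swap appears as a /dev/mapper/* or /dev/dm-* device. The sample mount and swap tables are constructed.

```python
"""Pre-flight checks for the "decrypt only in RAM" workflow described in the thread."""
import os

MEMORY_FS = {"tmpfs", "ramfs"}


def fs_type_for(path, mounts_text):
    """Filesystem type of the mount holding `path`, from /proc/self/mounts text
    ('<source> <mountpoint> <fstype> <opts> 0 0'). The longest matching mount
    point wins, mirroring how the kernel resolves the path."""
    path = os.path.normpath(path)
    best_len, best_type = -1, None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1].replace("\\040", " "), fields[2]  # \040 = escaped space
        if (path == mnt or path.startswith(mnt.rstrip("/") + "/")) and len(mnt) > best_len:
            best_len, best_type = len(mnt), fstype
    return best_type


def is_memory_backed(path, mounts_text):
    return fs_type_for(path, mounts_text) in MEMORY_FS


def unencrypted_swap(swaps_text):
    """Swap devices from /proc/swaps that are not dm-crypt mappings.
    Assumption: encrypted swap shows up as /dev/mapper/* or /dev/dm-*."""
    bad = []
    for line in swaps_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if fields and not fields[0].startswith(("/dev/mapper/", "/dev/dm-")):
            bad.append(fields[0])
    return bad


def preflight(scratch_dir, mounts_text, swaps_text):
    """Return a list of problems that would let plaintext reach disk (empty = OK)."""
    problems = []
    if not is_memory_backed(scratch_dir, mounts_text):
        problems.append(f"{scratch_dir} is not on tmpfs/ramfs "
                        f"(found {fs_type_for(scratch_dir, mounts_text)})")
    for dev in unencrypted_swap(swaps_text):
        problems.append(f"swap device {dev} is not a dm-crypt mapping")
    return problems


# Constructed sample data in /proc/self/mounts and /proc/swaps format.
SAMPLE_MOUNTS = ("/dev/sda1 / ext4 rw,relatime 0 0\n"
                 "tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0\n"
                 "/dev/sda2 /home ext4 rw,relatime 0 0\n")
SAMPLE_SWAPS = ("Filename\t\t\t\tType\t\tSize\tUsed\tPriority\n"
                "/dev/mapper/cryptswap                   partition\t2097148\t0\t-2\n"
                "/dev/sda3                               partition\t1048572\t0\t-3\n")

if __name__ == "__main__":
    for p in preflight("/dev/shm/work", SAMPLE_MOUNTS, SAMPLE_SWAPS) or ["all checks passed"]:
        print(p)
```

On a live Linux host, feed `preflight()` the contents of `/proc/self/mounts` and `/proc/swaps` instead of the samples, and refuse to write the decrypted file if it returns any problem.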






