Security Basics mailing list archives
Re: Regarding Private key
From: Stefan Castille <stefan.castille () custodix com>
Date: Wed, 17 Jun 2009 17:18:31 +0200
I would propose the following solution.1) get a USB smartcard token (eg egate) and store the key there. They are inexpensive and should do the trick. That way you can only encrypt and decrypt the message if you are in possession of the physical token and know the pin passphrase. This will also mean that failed attempts to decrypt the file will be noticed (your smartcard will be locked)
2) descrypt and encrypt the file on a memory filesystem so it is never stored on disk
3) enable encryption for the swap partition With kind regards, Stefan Castille stefan.castille () custodix com +32 9 210 78 91 On 17 Jun 2009, at 11:38, manmeet Singh wrote:
Hi all,I am facing a very tedious probelm. I want to know what the various options and how secure are these options.I have a file that contains plaintext.I have to read that file and after first read , encrypt it(AES) and delete the plain text file and save the encryped file.On subsequent reboots, i have to read decrypted text.Now the question is How do i manage the AES key?Storing the AES key/IV in file is one option? (Isnt It same as storing the plain key assuming i dont have any secure storage)Hard code the AES Key/IV values in the code? What other options are possible. ? Warm Regards, Manmeet Singh ------------------------------------------------------------------------ This list is sponsored by: InfoSec InstituteNeed to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Attachment:
smime.p7s
Description:
Current thread:
- Regarding Private key manmeet Singh (Jun 17)
- Re: Regarding Private key Stefan Castille (Jun 17)
- Re: Regarding Private key Aarón Mizrachi (Jun 17)
- Re: Regarding Private key Srikanth Dabbiru (Jun 17)
- Re: Regarding Private key Jeffrey Walton (Jun 17)
- <Possible follow-ups>
- Re: Regarding Private key mannirulz30 (Jun 17)
- Re: Regarding Private key ron (Jun 17)