PaulDotCom mailing list archives
Crypto Key Management Process?
From: chris.biettchert at gmail.com (Chris Biettchert)
Date: Sat, 21 Mar 2009 14:47:45 -0700
What type of application is it? Key management policies are great but you also need to be sure that the system is designed/developed to withstand attacks. I would start by using well known and trusted implementations of crypto libraries. Keyczar can simplify the implementation and help you avoid errors. Since Steve Weis, Ben Laurie, etc worked on it, I would be more confident in using it than rolling your own crypto wrapper. You will also probably want to purchase an HSM. There are several vendors and price really depends on feature set/required load. If this is going to be used to encrypt e-commerce transactions or someting similar, expect to pay quite a bit to get an HSM that can keep up with the load but a smaller HSM should be within budget of most projects. 2009/2/19 John Fiedler <johnfiedler at gmail.com>
Hi Jason, You should take a peek at the PCI Requirements, they have some decent requirements for companies handling keys used to encrypt credit card numbers. This might not be exactly what your looking for what it might help some. https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html Look at requirements 3.6.x John 2009/2/18 Jason Wood <tadaka at gmail.com>Hi all, I'm doing some reading on doing key management for a project and was wondering what has worked for others. I'm currently reading my way through NIST's guidelines. Does anyone have a document, book, paper, etc that helped them build a secure key management process? Thanks, Jason _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com-- John _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090321/2da93021/attachment.htm
Current thread:
- Crypto Key Management Process? Jason Wood (Feb 18)
- Crypto Key Management Process? John Fiedler (Feb 19)
- Crypto Key Management Process? Chris Biettchert (Mar 21)
- Crypto Key Management Process? Jason Wood (Mar 22)
- Crypto Key Management Process? MV (Mar 23)
- Crypto Key Management Process? Chris Biettchert (Mar 24)
- Crypto Key Management Process? Chris Biettchert (Mar 21)
- Crypto Key Management Process? John Fiedler (Feb 19)