Re: Remotely decrypting a server (Linux)

["J.Hart, Elec.Eng.Tech." <starnetmaster () gmail com>]

How about calling a Decryption Script off the server (passworded) via
the PKI'd VPN (passworded) ?

On 9/12/10, Niall <phierstarter () gmail com> wrote:
> Hi folks,
>
> I have a tricky one here where i need to find a way to securely
> authenticate a decryption mechanism of some sort where the
> authentication is provided remotely without any user-interaction.
>
> Right now i have a number of boxes that all inform a central server
> when they are online. When they do this an OpenVPN connection is set
> up between them and the server.
>
> However, i have been given the task to ensure that the scripts
> involved in this process are encrypted by default. This requires some
> form of self-decryption, which to my mind kind of goes against the
> whole idea of encryption/authentication in the first place.
>
> I need some way to leave decrypted the bare essentials required to
> boot a box and securely connect to the central server automatically.
> Then the server would automatically send a key/passphrase and the rest
> of the files on the box would then be decrypted on the fly.
>
> If anyone knows of any software that provides this (maybe through
> VMs?) it would be greatly appreciated.
>
> I should add hat i'm also open to the idea of self-encrypting hard
> disks, but what i've read about these in regards to Linux support has
> put me off the whole TCG model.
>
> Thanks.
>
>
> --
> Niall
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


-- 
-----BEGIN SIGNATURE-----
MIICcDCCAhqgAwIBAgIJANF4eeZDWsmyMA0GCSqGSIb3DQEBBQUAMFsxCzAJBgNV
BAYTAkNBMRAwDgYDVQQKEwdTdGFyTkVUMRIwEAYDVQQDEwlFbGxlIEhhcnQxJjAk
BgkqhkiG9w0BCQEWF3N0YXJuZXRtYXN0ZXJAZ21haWwuY29tMB4XDTEwMDQyMTIy
NDcyNFoXDTExMDQyMTIyNDcyNFowWzELMAkGA1UEBhMCQ0ExEDAOBgNVBAoTB1N0
YXJORVQxEjAQBgNVBAMTCUVsbGUgSGFydDEmMCQGCSqGSIb3DQEJARYXc3Rhcm5l
dG1hc3RlckBnbWFpbC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAqtMJ/5cO
BhoviJB7+5NN2PJoWeaGswGS7w8mVJC9mriUP2MY3Tlb7AjM6yFplbnaajJSvX+Q
30kTZS9APC//xwIDAQABo4HAMIG9MB0GA1UdDgQWBBT098GRqrODXgRVcPv3slPQ
+lJmwDCBjQYDVR0jBIGFMIGCgBT098GRqrODXgRVcPv3slPQ+lJmwKFfpF0wWzEL
MAkGA1UEBhMCQ0ExEDAOBgNVBAoTB1N0YXJORVQxEjAQBgNVBAMTCUVsbGUgSGFy
dDEmMCQGCSqGSIb3DQEJARYXc3Rhcm5ldG1hc3RlckBnbWFpbC5jb22CCQDReHnm
Q1rJsjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA0EAObS+CzoeUGHRJdnR
XcasTawoqIoQYgo789Ae31AZW72J8WIsAgUmHt2/ESpKPS4DFdL1CDEj61Qb+9KX
7VPqfQ==
-----END SIGNATURE-----

http://www.canada2600.org/
http://www.kamloops2600.org/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------