modperl-ssl_assymetric_encryption

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



To: Kevin Schroeder <mirage@mirageworks.com>
From: Fabrice Scemama <gesnet@scemama.org>
Subject: Re: ssl encryption
Date: Sat, 16 Jun 2001 04:30:23 +0200 (CEST)

On Thu, 14 Jun 2001, Kevin Schroeder wrote:

> This would make an interesting discussion because I've had the same question
> come up in my mind.  How do you encrypt things on your server without giving
> out the passphrase?  Is it even possible to keep the key in the same
> location as the program using it and still maintain security?

Yes, it's possible. To achieve this, you should use asymmetric
encryption, and *not* store the private key in the server.
Then, the question remains: how can I have the server safely
decrypt on demand?! One possible solution could be to store
the private key in a remote server, dedicated to the unique
task of decrypting the sensitive data. A secure tunnel could be
established between the two servers, so as to communicate the
encrypted text, and get back the decrypted text safely.

You could even add security by storing the private key in a
smartcard, and having the smartcard reader connected to the
server. Decryptions would have to be done within the smartcard.
It's completely possible, but you almost certainly don't want such
CPU-expensive operations to be done within an 8-bit smartcard!

===
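
The key split described in the message above, as an added example that is not part of the original post: two directories stand in for the web server and the dedicated decryption host, and the OpenSSL command line performs the RSA-OAEP operations. The directory names, function names and sample secret are constructed for illustration; in a real deployment `vault_decrypt` would run on the remote host, reached over the secure tunnel.

```shell
#!/bin/sh
# Added illustration: directories simulate the two hosts (assumption).
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
WEB="$WORK/web"          # front-end server: holds the public key only
VAULT="$WORK/decryptor"  # dedicated decryption host: holds the private key
mkdir -p "$WEB" "$VAULT"

# Run once on the decryption host; only the public half leaves it.
provision_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$VAULT/private.pem" 2>/dev/null
    chmod 600 "$VAULT/private.pem"
    openssl pkey -in "$VAULT/private.pem" -pubout -out "$WEB/public.pem"
}

# Web server: encrypt stdin into file $1. RSA-OAEP fits short secrets only;
# larger data needs a hybrid scheme (random symmetric key wrapped with RSA).
web_encrypt() {
    openssl pkeyutl -encrypt -pubin -inkey "$WEB/public.pem" \
        -pkeyopt rsa_padding_mode:oaep -out "$1"
}

# Check that key material on the web server cannot recover the plaintext.
web_try_decrypt() {
    openssl pkeyutl -decrypt -inkey "$WEB/public.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1" 2>/dev/null
}

# Decryption host: the only place where the private key is ever read.
vault_decrypt() {
    openssl pkeyutl -decrypt -inkey "$VAULT/private.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$1"
}

provision_keys
printf '%s' 'constructed-sample-secret' | web_encrypt "$WEB/record.bin"
if web_try_decrypt "$WEB/record.bin" >/dev/null; then
    echo "web host could decrypt: key separation is broken"
else
    echo "web host cannot decrypt its own stored record"
fi
echo "decryption host returns: $(vault_decrypt "$WEB/record.bin")"
```
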


doom@kzsu.stanford.edu