Re: Regarding Private key



I would propose the following solution.

1) get a USB smartcard token (e.g. eGate) and store the key there. They are inexpensive and should do the trick. That way you can only encrypt and decrypt the message if you are in possession of the physical token and know the PIN passphrase. This will also mean that failed attempts to decrypt the file will be noticed (your smartcard will be locked).

2) decrypt and encrypt the file on a memory filesystem so it is never stored on disk.

3) enable encryption for the swap partition.

With kind regards,
Stefan Castille

stefan.castille@xxxxxxxxxxxx
+32 9 210 78 91

On 17 Jun 2009, at 11:38, Manmeet Singh wrote:


Hi all,
I am facing a very tedious problem. I want to know what the various options are and how secure these options are.

I have a file that contains plaintext. I have to read that file and, after the first read, encrypt it (AES), delete the plaintext file and save the encrypted file. On subsequent reboots, I have to read the decrypted text.

Now the question is: how do I manage the AES key?
Storing the AES key/IV in a file is one option? (Isn't it the same as storing the plain key, assuming I don't have any secure storage?)
Hard-code the AES key/IV values in the code?
What other options are possible?


Warm Regards,
Manmeet Singh
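The workflow Manmeet describes, done along the lines of Stefan's steps 1 and 2, as an added example that is not code from either poster. It assumes openssl(1) and a Linux /dev/shm tmpfs; the secret standing in for the token PIN is a constructed value read from the environment (in practice a token-backed agent would supply it), so nothing key-related is ever written to a file.

```shell
#!/bin/sh
# Added example (not from either post): decrypt/process/re-encrypt a file so
# that plaintext exists only on a memory-backed filesystem (Stefan's step 2)
# and the key material is never written to a file. Assumes openssl(1) 1.1.1+
# and, for the memory-only property, a Linux /dev/shm tmpfs. The smartcard
# (step 1) and encrypted swap (step 3) need hardware and root; not emulated.
set -eu

# Hypothetical stand-in for token + PIN: a token-backed agent would supply
# this at runtime. A constructed value is exported so openssl reads it via
# env:, keeping it off the command line (visible in ps) and out of any file.
SECRET_FROM_TOKEN='constructed-example-pin-not-a-real-secret'
export SECRET_FROM_TOKEN

# Memory-backed scratch directory. The $TMPDIR fallback keeps the script
# runnable elsewhere but puts plaintext on disk, which defeats step 2.
memdir() {
    if [ -d /dev/shm ] && [ -w /dev/shm ]; then
        mktemp -d /dev/shm/secret.XXXXXX
    else
        mktemp -d "${TMPDIR:-/tmp}/secret.XXXXXX"
    fi
}

# AES-256-CBC; key and IV are derived (PBKDF2) from the secret plus a fresh
# random salt that openssl stores in its "Salted__" header, so neither key
# nor IV has to be kept beside the ciphertext.
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass env:SECRET_FROM_TOKEN -in "$1" -out "$2"
}
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -pass env:SECRET_FROM_TOKEN -in "$1" -out "$2"
}

# First run: encrypt the plaintext file into $1, then remove the plaintext.
# Later "reboot": decrypt into memory, read it, leave nothing behind.
# Prints the recovered text so the caller can check the round trip.
round_trip() {
    work=$(memdir)
    printf 'constructed plaintext line\n' > "$work/plain.txt"
    encrypt_file "$work/plain.txt" "$1"
    rm -f "$work/plain.txt"   # on tmpfs rm suffices; no disk blocks to shred
    decrypt_file "$1" "$work/plain.txt"
    cat "$work/plain.txt"
    rm -rf "$work"
}

round_trip "${1:-$(mktemp)}"
```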
