Re: hiding encryption keys

From: Paul Rubin (//phr.cx_at_NOSPAM.invalid)
Date: 08/15/05


Date: 14 Aug 2005 17:30:13 -0700

Mike Amling <nospam@nospam.com> writes:
> This is a problem that has been solved by thousands of web sites
> that support SSL connections.
> Note: I don't know what the solution is, just that it exists.

Usually on SSL servers, the keys are stored in disk files encrypted by
passphrases. When you start the server, the key file gets loaded into
memory and you type the passphrase. Fancier servers use hardware
modules to hold the keys. It sounds like the OP wants to store secret
keys on desktop Windows machines where the user can't get at them,
which sounds like some kind of DRM application. That's a totally
different set of problems than an SSL server.



Relevant Pages

  • Re: hiding encryption keys
    ... Usually on SSL servers, the keys are stored in disk files encrypted by ... passphrases. ...
    (sci.crypt)
  • Re: Cipher advice
    ... use SSL to do a key exchange. ... then be used to encrypt data travelling between the client and server. ... Care to share the technical reasons, in case we can suggest anything ... Use independent keys in each direction (don't re-use the same keys ...
    (sci.crypt)
  • Re: apache+ssl
    ... How do you get SSL to work? ... I created the keys as mentioned above. ... Also tried moving all the SSL directives into the Directive ... Anyone have a HOWTO that actually works? ...
    (Debian-User)
  • Re: Java Security
    ... (We can pick a private algorithm but decompiling ... Never give encrypt keys on an application. ... give them by phone or letter, or use a SSL http website with the user login, ...
    (comp.lang.java.help)
  • RE: Implications of international SSL key in IE/IIS 5?
    ... The SSL you refer to is called a Server Gated Cryptography Certificate. ... "secure site pro" keys. ... I had used regular "secure site" ... The Secure Site Pro keys are billed as "128 bit keys" and the ...
    (Focus-Microsoft)