If you don't store them on disk, where would you imagine they could be stored? I don't see how you can avoid it. I don't know, maybe in an usb device or a software key manager, I really don't know what is the best and possible alternative Add a comment.
Active Oldest Votes. All security is a trade-off. Improve this answer. Craig Ringer Craig Ringer k 59 59 gold badges silver badges bronze badges. Regarding hardware devices - one can hold a copy of the keys elsewhere, so hardware failure is not a problem. Also USB cryptotokens are more usable on the client side they are too slow for server use. For industrial use there are separate cryptographic devices offered there's a variety of them offered by SafeNet if you are interested.
That's a great answer! Thanks a lot. I've already generated the private and public keys, that encrypt and decrypt the database, using GnuPG. My scenario is a RESTful API consumed by any kind of application, so I'll encrypt the public and private keys on disk, load it in-memory, on API initialization, keep it encrypted in-memory, in each API request I'll decrypt the keys passing it as a parameter to the database functions. So neither the API nor the database knows the keys until it being loaded from disk.
Is it good enough? Absolutely impossible to say whether it's "good enough". You need to do thread modelling - figure out what you're trying to protect against, what the possible resources of an attacker are, look into attack vectors, what the consequences of compromise are, etc.
You need good, case specific security advice. There are good people out there for that, but you'll have to pay them of course. Or spend a lot of your own time reading the relevant resources. Log in or Create a profile. I have moved the Keychain application into an encrypted volume on my computer. Despite this, the names of the keys still appear on GPG Preferences in System preferences and I am able to encrypt and decrypt with my private keys through the services menu.
The private keys must be stored somewhere else other than the Keychain application? If so, where? I'm aware they are also stored on a server but I am still able to perform functions whilst offline. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. Where do you store your personal private GPG key? Ask Question. Asked 7 years, 8 months ago. Active 1 year, 7 months ago.
Viewed 90k times. So, where can I safely store my GPG private key? Improve this question. Florian Margaine Florian Margaine 2, 3 3 gold badges 12 12 silver badges 10 10 bronze badges.
Mine is simply stored in the OpenPGP application. I keep my private key store on the cloud and on a thumbdrive that I usually have with me. Of course it has a good passphrase. It's really about balancing risk and accessibility. I could easily imagine a situation in which I'd handle my keys very differently. Um, you do have good backups of your hard disk, right? On a smartcard. This may or may not matter to you, but it's something to be aware of.
Show 2 more comments. Active Oldest Votes. I like to store mine on paper. Now, double click on the index. Improve this answer. I've been using hard copies for backing my private keys since , and have had to restore them twice.
The second time I used barcodes actually a sequence of long 1D barcodes rather than a 2D barcode and the restoration process was much easier. I do the same. Go the extra mile and think about how paper can degrade, e.
If an inkjet print gets wet -- put the paper in a ziplock bag, put a second copy in a safe or safety deposit box etc. Just as an option, paperkey also exists: jabberwocky. For real time usage the most secure method would be an OpenPGP smart card with hardware pin entry. Don't forget to wipe the printer's memory afterwards. Show 29 more comments. Darren Cook Darren Cook 6 6 silver badges 6 6 bronze badges. Love this answer, haha : — Saswat Padhi.
Add a comment. This is not what I currently use, but I am thinking about it: Encrypt the private key with very long symmetric encryption key Use Shamir's Secret Sharing to split the symmetric encryption key to 7 pieces like Voldemort , require at least 5 shares to merge successfully. Lie Ryan Lie Ryan This scheme is so sexy — Magnus. Snakes shed, though — Martin.
To fix that, run. Here is how: Identify your private key: Copy. Owner of this card: Thomas Eisenbarth. Say thanks.
0コメント