Questions tagged [key-management]

Key management involves the entire key life-cycle: generation, exchange, storage, safeguarding, use, vetting, revocation, replacement and retirement.

Key management is a critical function in a secure system using keys, and is perhaps the most difficult.

See: Key management - Wikipedia

856 questions
37
votes
2 answers

Protecting a private key by spreading it over multiple places

Is it safe to split a private key file and put it in different locations? I mean can somebody actually do anything with only a part of a key?
dblouis
  • 493
  • 4
  • 8
33
votes
7 answers

How great is the risk in publicly sharing part of a private key?

If two people want to check they have the same (say 256 bit) private key, how great is the risk in sharing the first say 8 chars over a potentially public channel? Can an attacker recover any more information than just those characters, and/or how…
Jamie Bull
  • 492
  • 1
  • 4
  • 7
22
votes
5 answers

How can I explain the concept of public and private keys without technical jargon?

Possible Duplicate: Principle of asymmetric algorithm in plain english In the spirit of How can I explain SQL injection without technical jargon?, do you have any suggestions on how to explain the concept of a key pair to someone who's not well…
NickAldwin
  • 320
  • 1
  • 2
  • 6
14
votes
3 answers

How to secure SSH such that multiple users can log in to one account?

Consider a generic up-to-date Linux distro hosting a web server. I need three humans to occasionally SSH into the same user account to perform some action that can only be done by that particular user account. The 'easy way' to do this would be to…
dotancohen
  • 3,736
  • 3
  • 26
  • 34
9
votes
4 answers

Print or burn encryption key?

I'm thinking of setting up a cloud backup for home computers, and to increase privacy I want to encrypt the data with my own encryption key. The "cloud" would give me a chance to restore data in case of catastrophic event causing loss of all…
AGrzes
  • 616
  • 6
  • 11
7
votes
1 answer

How to encrypt the data such that only the user (owner) can decrypt them

Here is the system: The client side of our system generates confidential data that needs to be encrypted. Only the user should be able to read them, by that, I mean that even us who managed the database and the whole application should not be able…
Anewbis
  • 173
  • 2
  • 6
5
votes
4 answers

How to inject a key (physically) on a huge number of devices?

The system I am designing has a huge number (assume millions) of individual devices, and each device needs to be injected with a unique symmetric key dedicated to that device. Each device also has a serial number with which it can be physically…
D.H.
  • 628
  • 7
  • 14
5
votes
2 answers

How are symmetric cryptographic keys stored?

If you have a symmetric key which is negotiated via SRP protocol between a mobile device (e.g. smartphone) and a server, what would be a safe way to persist this resulting key on each side? On the client side you could use PBKDF2 or a similar key…
MSc
  • 51
  • 2
5
votes
3 answers

Do I ultimately have to hold a key in my head?

To preface, I'm not an IT security person, just a layman intrigued by the logic. I had this question while reading about Ladar Levison turning a key to his email service on paper to the government. That means that he has this key on a storage device…
Heisenberg
  • 153
  • 4
5
votes
2 answers

What's the right way to provision, share and store (in a db) cryptographic keys?

Two systems must share a secret for JWT signing. The secret has to be shared and stored. Are there tools and is there guidance for doing this securely?
bbsimonbb
  • 969
  • 7
  • 12
4
votes
1 answer

Symmetric key management

I am currently employing GNU Crypto in Java and I am now deciding on the best way to store the keys. The question Storage of 'secrets', keystores, HSMs and the rest has led me to believe the best course of action, without purchasing expensive…
John
  • 41
  • 3
4
votes
1 answer

Strategy to migrate Passwords securely from one application to another

We are working on a tool that exports data from Source Application "S" to CSV files. These CSV files are manually migrated to box where the Target Application "T" resides. Each line in this CSV is encrypted. The sensitive data being migrated are…
3
votes
2 answers

Storing the master key in the app server binary

Imagine you have a master key to encrypt/decrypt the data saved in your database of your app service. What is the risk of having this key embedded in your app service code to store this key in the app server binary files? Can hackers get this key…
iCode
  • 323
  • 1
  • 2
  • 7
3
votes
1 answer

Key Management: storing encrypted key in database and decrypted key in session variable

Edit: Rephrased title to hopefully get some interest on what I would have thought was a common issue? I am developing a website using php/mySQL to store non-commercial data and it will be clearly labelled as not for sensitive information. The site…
user34252
  • 41
  • 5
3
votes
2 answers

Encrypt+Signing data: PKCS#7 / CMS or do-it-your-own way?

Currently I'm saving an array of AES keys into a keychain as JSON, saved as a text file / SQL text column: { [ { encryptedAesKey:RsaEncryptedBytesBase64Encoded==, signature:RsaSignatureBytesBase64==, …
DeepSpace101
  • 2,183
  • 3
  • 23
  • 35