On Wed, 2005-06-08 at 16:08 +0200, Magnus Hagander wrote:
> > Hi,
> > I¡¯m using postgreSQL with SSL these days. The version I¡¯m
> > using is 8.0.3. I found that it¡¯s impossible to use an
> > encrypted key file.
> > When you use a protected server.key file, you will be
> > prompted to input your passphrase EVERYTIME IT¡¯S USED, not
> > only when you start the server but also when a client makes a
> > connection. So you have to leave the key file un-protected. I
> > think it¡¯s a serious vulnerability since the security relies
> > on the secrecy of the private key. Without encryption, the
> > only thing we can use to protect the private key is the
> > access control mechanism provided by the OS.
> > Any comments on this issue?
>
> If you don't trust the access control provided by the OS, why are you putting sensitive data on it?
> If one can break your access control in the OS they can read all your data anyway - they don't even need to sniff the
wireand decrypt it using the key. Or they can just change the passwords of your users and connect - or *change* they
key.
Yes and no. They can't change the key. It's tied to the certificate,
which is signed. They need to get a signed certificate from a trusted
CA, and put the associated private key on your server after they cracked
it. Which is much like leaving a big banner with "Yes, it was me!"
signed by you on the crime scene. :-)
But overall I agree. If they gained enough privilege to read the key
file, it's possible they're able to access the data as well. They might
be able to patch the server and have the password that protects the key
logged somewhere next time you type it in.
OTOH, I see no advantage in reading the key at connection time instead
of startup time (like every other daemon does). Encrypted key has an
interesting significance with backups. Someone may be able to steal one
backup of yours. They'll get old data (maybe you don't care much about
that), _and_ the key. You don't want them to be able to sign stuff or
impersonate your servers with it.
.TM.
--
____/ ____/ /
/ / / Marco Colombo
___/ ___ / / Technical Manager
/ / / ESI s.r.l.
_____/ _____/ _/ Colombo@ESI.it