David Wall wrote:
> In our open-esignforms project we use a layered approach for keys in
> which we have a boot key for the application that requires dual
> passwords which we then combine into a single password for PBE
> encryption of the boot key. We then have session keys that are
> encrypted with the boot key, and the session keys are used to encrypt
> one-up keys for encrypted blobs.
>
> In your case, you could encrypt your key using PBE assuming you have a
> way to provide the password to unlock it. This would allow you to
> protect the key with a password, which is the most basic way to go if
> you don't have a keystore to use.
I covered this a little bit in my recent security presentation:
http://momjian.us/main/presentations.html#securing
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +