[ale] Key management

Michael H. Warfield mhw at WittsEnd.com
Wed May 14 12:53:13 EDT 2008 

Hello,

On Wed, 2008-05-14 at 09:26 -0700, Kevin O'Neill Stoll wrote:
> Hey guys,

> Need some help with direction on encryption 

> Goal: I need to encryption plain text files while at rest.
> One use case would be: files are received via ftp from
> various banks and should/could be encrypted with gpg with
> the recipient defined as the consuming application, in this
> case, Oracle Financials.

> Problem: the consuming application will be receiving
> encrypted files from many sources, not just the ftp host,
> so Oracle Financials has to know about a great many public
> keys, assuming the use of gpg. How do I got about managing
> these keys in a central way?

	Either I don't understand your application or you have this completely
upside down.  "Oracle Financials" only needs one key, its private key.
All the other parties will have the public key and encrypt the data to
that public key.  Then, only Oracle Financials will be able to decrypt
the files once it receives them.

	So, I'm assuming that originating source "S" encrypts to key "O" and
then the data is transferred to "O" through some means involving some
resting data at each end.  "O" can then decrypt the data as needed and
when needed and the data remains encrypted on storage.  "S" would then
have no means to even decrypt the data that they generated unless they
added their own key (and a wise move would be to also sign the data for
authentication purposes) or kept a copy for themselves (very unwise).

> I have looked into pks and sks, but catch here is they
> wanted something supported by our vendors (SuSE in this
> case).  
> 
> So, how do I manage a bunch of keys like this?
> 
>  
> If you don’t think gpg is the answer, I’m open to ideas.
> I’m not stuck on anything at this point, just trying to
> figure out how to roll an encryption solution that I can
> ultimately hand off to an operations group and can scale /
> support 500+ end-points.
> 
> Also, not afraid of commercial solutions but would like to
> exhaust any and all oss solutions first.
> 
>  
> Thanks 
> 
> PKS: http://pks.sourceforge.net/
> 
> SKS: http://www.nongnu.org/sks/
> 
>  
> 
> 
> 
> 
>       
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> 
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20080514/5145571e/attachment.bin

More information about the Ale mailing list