There's more than one way to do things | |
PerlMonks |
Re^2: OT: Storing encryption keys securelyby Beatnik (Parson) |
on Jan 25, 2017 at 15:40 UTC ( [id://1180300]=note: print w/replies, xml ) | Need Help?? |
During my daily commute, I reprocessed my initial requirements and I realized I didn't consider a primary feature. My application will work as a temporary credential store. Exchange with the third-party application is expensive (time) and may not be functional at all times. My intention is to store encrypted credentials for as long as needed (considering low cost sync time and availability) but that could be more than just a few. I have no control on how the third party will take the credentials so I will have to be able to decrypt them. Again, security is something I will take on but the same question remains. Considering I have 20 non-synchronized (encrypted) credentials, Using a on-startup-keyphrase may not be an ideal approach as a keyphrase recovery will invalidate the non-synchronized credentials. Using an external key management solution (whichever approach) can be considered. My target audience might expect some flexibility in how keyphrases are managed so I'll have to look at different approaches. Thanks for the feedback!! Greetz Beatnik ... I'm belgian but I don't play one on TV.
In Section
Seekers of Perl Wisdom
|
|