Re: PGP scripting...

From: David Wagner (dawat_private)
Date: Wed Jan 08 2003 - 14:32:11 PST


    Andrew MacKenzie  wrote:
    >We (my client) have a system that loads orders into an Oracle DB, and
    >processes billing (Java/Solaris based).  One of the 'decrees' from my
    >client is that all files that store 'sensitive' data (customer info and the
    >like) shall be PGP encrypted, and *never* be stored on a HDD in
    >un-encrypted form (even while processing said file).
    
    If it were me, I'd consider using two machines.
    
    Machine A is connected to the outside world, receives orders,
    and PGP-encrypts them using Machine B's public key.  Note that
    Machine B's private key should never be known to Machine A.
    
    Machine B receives encrypted orders from Machine A, enters them
    into a database, and decrypts them in memory when needed using
    Machine B's private key, which might be stored on Machine B's
    hard disk.  Better yet, the private key might be on a smartcard
    or crypto co-processor attached to Machine B.
    
    The two machines would be connected only by a serial port, which
    can only transmit encrypted orders (no general TCP/IP traffic
    over the serial port!).  Machine A can be connected to the outside
    world (Internet connection, etc.).  Machine B should not be connected
    to anything else, except by its serial port to Machine A.
    
    Would this type of architecture help?  Are there any ideas here
    that you can use?  You haven't really specified your problem well
    enough for me to understand your scenario, but I wanted to pass on
    this brainstorm in case any of the techniques I've described are
    useful to you.
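The two-machine split sketched above, worked as an added example in Go; it is not code from the original post. The standard library's RSA-OAEP key wrap plus AES-GCM stands in for PGP here (assumption: the real system would use PGP/GnuPG for the "encrypt with Machine B's public key" step), and the frame format, the `SerialLink` gatekeeper and all type and function names are constructed for this illustration. The point it makes concrete is the trust split: `MachineA` is built with only the public key, `SerialLink` forwards nothing but order frames, and `MachineB` is the only party that can recover plaintext, and does so into memory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame layout on the serial link (constructed for this example, not an OpenPGP packet):
//   "ORD1" | uint16 big-endian len(wrappedKey) | wrappedKey | GCM nonce | AES-GCM ciphertext+tag
const frameMagic = "ORD1"

var oaepLabel = []byte("order-key") // binds the wrapped key to this one purpose

// MachineA is Internet-facing and holds ONLY Machine B's public key.
type MachineA struct{ pubB *rsa.PublicKey }

// MachineB is isolated and holds the private key (on disk, or better, in a smartcard/HSM).
type MachineB struct{ privB *rsa.PrivateKey }

// NewPair generates Machine B's key pair and hands A just the public half.
func NewPair() (MachineA, MachineB, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return MachineA{}, MachineB{}, err
	}
	return MachineA{pubB: &priv.PublicKey}, MachineB{privB: priv}, nil
}

// EncryptOrder turns a plaintext order into a link frame: a fresh AES key encrypts
// the order and RSA-OAEP wraps that key for B. Nothing here needs B's private key.
func (a MachineA) EncryptOrder(order []byte) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The magic is authenticated as associated data, so a frame cannot be re-labelled.
	ct := gcm.Seal(nil, nonce, order, []byte(frameMagic))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, a.pubB, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	var lenBuf [2]byte
	binary.BigEndian.PutUint16(lenBuf[:], uint16(len(wrapped)))
	frame := append([]byte(frameMagic), lenBuf[:]...)
	frame = append(frame, wrapped...)
	frame = append(frame, nonce...)
	return append(frame, ct...), nil
}

// SerialLink models the one-way serial channel between A and B. It is not a network:
// it forwards only byte strings shaped like an order frame and drops everything else.
func SerialLink(frame []byte) ([]byte, error) {
	if len(frame) < len(frameMagic)+2 || string(frame[:len(frameMagic)]) != frameMagic {
		return nil, errors.New("serial link: dropped non-order traffic")
	}
	return append([]byte(nil), frame...), nil
}

// DecryptOrder unwraps the key with B's private key and decrypts the order in memory;
// the caller processes the returned plaintext without ever writing it to disk.
func (b MachineB) DecryptOrder(frame []byte) ([]byte, error) {
	if len(frame) < len(frameMagic)+2 || string(frame[:len(frameMagic)]) != frameMagic {
		return nil, errors.New("machine B: not an order frame")
	}
	rest := frame[len(frameMagic):]
	n := int(binary.BigEndian.Uint16(rest[:2]))
	rest = rest[2:]
	if len(rest) < n {
		return nil, errors.New("machine B: truncated frame")
	}
	wrapped, rest := rest[:n], rest[n:]
	key, err := rsa.DecryptOAEP(sha256.New(), nil, b.privB, wrapped, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("machine B: key unwrap failed: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(rest) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("machine B: truncated frame")
	}
	nonce, ct := rest[:gcm.NonceSize()], rest[gcm.NonceSize():]
	order, err := gcm.Open(nil, nonce, ct, []byte(frameMagic))
	if err != nil {
		return nil, fmt.Errorf("machine B: order rejected: %w", err)
	}
	return order, nil
}

func main() {
	a, b, err := NewPair()
	if err != nil {
		panic(err)
	}
	order := []byte("order=1001;customer=Constructed Example;amount=42.00") // constructed sample
	frame, err := a.EncryptOrder(order)
	if err != nil {
		panic(err)
	}
	fwd, err := SerialLink(frame)
	if err != nil {
		panic(err)
	}
	plain, err := b.DecryptOrder(fwd)
	if err != nil {
		panic(err)
	}
	fmt.Printf("machine B recovered %d bytes in memory: %q\n", len(plain), plain)
	if _, err := SerialLink([]byte("GET / HTTP/1.0\r\n")); err != nil {
		fmt.Println(err) // general traffic never reaches B
	}
}
```

In the real deployment the `SerialLink` check would live in whatever reads the serial port on Machine B, and any frame that fails it (or fails the GCM tag) should be logged and discarded rather than retried, since a stream of malformed frames on a link that is supposed to carry only orders is itself a signal worth alerting on.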
    


