Andrew MacKenzie wrote:
>We (my client) have a system that loads orders into an Oracle DB, and
>processes billing (Java/Solaris based). One of the 'decrees' from my
>client is that all files that store 'sensitive' data (customer info and the
>like) shall be PGP encrypted, and *never* be stored on a HDD in
>un-encrypted form (even while processing said file).

If it were me, I'd consider using two machines.

Machine A is connected to the outside world, receives orders, and PGP-encrypts them using Machine B's public key. Note that Machine B's private key should never be known to Machine A.

Machine B receives encrypted orders from Machine A, enters them into a database, and decrypts them in memory when needed using Machine B's private key, which might be stored on Machine B's hard disk. Better yet, the private key might be on a smartcard or crypto co-processor attached to Machine B.

The two machines would be connected only by a serial port, which can only transmit encrypted orders (no general TCP/IP traffic over the serial port!). Machine A can be connected to the outside world (Internet connection, etc.). Machine B should not be connected to anything else, except by its serial port to Machine A.

Would this type of architecture help? Are there any ideas here that you can use? You haven't really specified your problem well enough for me to understand your scenario, but I wanted to pass on this brainstorm in case any of the techniques I've described are useful to you.
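A worked example of the receiving end of the serial link proposed in the reply above, added here as an illustration; it is not part of the original message and not code from the poster. The two-machine design only holds if the link really carries nothing but encrypted orders, so Machine B needs a gate that refuses anything that is not an OpenPGP encrypted message for its own key before any decryption or database code runs. The Python below (standard library only) dearmors the message, walks the RFC 4880 packet sequence (it goes a little beyond the message by handling both old- and new-format packet headers and refusing partial and indeterminate lengths), and accepts only v3 public-key encrypted session key packets addressed to Machine B's key ID followed by one v1 integrity-protected encrypted data packet. Plaintext literal data, passphrase-based session keys, MDC-less SED data and messages encrypted only to other recipients are all refused. Machine B's key ID, the helper names and the sample messages (which carry fake ciphertext) are constructed for the example; the actual decryption would still be done by PGP/GnuPG with the private key held on Machine B.

```python
"""Receiver-side gate for the Machine A -> Machine B serial link: accept only a
well-formed OpenPGP encrypted message (RFC 4880) for Machine B's key, refuse the rest."""
import base64

MACHINE_B_KEY_ID = bytes.fromhex("0123456789ABCDEF")  # constructed, not a real key
TAG_PKESK, TAG_SKESK, TAG_SED, TAG_SEIPD, TAG_LITERAL = 1, 3, 9, 18, 11
ARMOR_HEAD, ARMOR_TAIL = b"-----BEGIN PGP MESSAGE-----", b"-----END PGP MESSAGE-----"

def _require(cond, msg: str) -> None:
    if not cond:
        raise ValueError(msg)

def crc24(data: bytes) -> int:
    """Armor checksum from RFC 4880 section 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: bytes) -> bytes:
    """Strip 'PGP MESSAGE' ASCII armor (RFC 4880 section 6.2) and verify its CRC."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    _require(len(lines) >= 5 and lines[0] == ARMOR_HEAD and lines[-1] == ARMOR_TAIL, "bad armor")
    _require(b"" in lines, "armor lacks the blank line that ends its headers")
    body = lines[lines.index(b"") + 1:-1]            # base64 lines, then "=<crc>"
    _require(len(body) >= 2 and body[-1].startswith(b"="), "armor lacks its CRC line")
    raw = base64.b64decode(b"".join(body[:-1]), validate=True)
    want = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    _require(crc24(raw) == want, "armor CRC mismatch")
    return raw

def parse_packets(data: bytes) -> list:
    """Split a packet sequence into (tag, body) pairs (RFC 4880 section 4.2).
    Partial and indeterminate lengths are refused; an order file never needs them."""
    packets, i, n = [], 0, len(data)
    while i < n:
        ctb, i = data[i], i + 1
        _require(ctb & 0x80, f"bad packet tag byte at offset {i - 1}")
        if ctb & 0x40:                                   # new-format header
            tag = ctb & 0x3F
            _require(i < n, "truncated packet length")
            b1, i = data[i], i + 1
            if b1 < 192:                                 # one-octet length
                length = b1
            elif b1 < 224:                               # two-octet length
                _require(i < n, "truncated packet length")
                length, i = ((b1 - 192) << 8) + data[i] + 192, i + 1
            else:                                        # 255 = five-octet length
                _require(b1 == 255 and i + 4 <= n, "partial or truncated length")
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            _require(ltype != 3, "indeterminate packet length not accepted")
            width = 1 << ltype
            _require(i + width <= n, "truncated packet length")
            length, i = int.from_bytes(data[i:i + width], "big"), i + width
        _require(i + length <= n, f"packet body overruns input (tag {tag})")
        packets.append((tag, data[i:i + length]))
        i += length
    return packets

def validate_order_message(armored: bytes) -> bytes:
    """Return the packet bytes if `armored` is v3 PKESK packet(s), at least one for
    Machine B's key, followed by one v1 SEIPD packet; raise ValueError otherwise."""
    packets = parse_packets(raw := dearmor(armored))
    _require(len(packets) >= 2, "need a session-key packet plus encrypted data")
    *esks, (last_tag, last_body) = packets
    _require(last_tag != TAG_SED, "SED lacks integrity protection; SEIPD required")
    _require(last_tag == TAG_SEIPD and last_body[:1] == b"\x01", f"not v1 SEIPD (tag {last_tag})")
    addressed_to_b = False
    for tag, body in esks:
        _require(tag != TAG_SKESK, "passphrase-encrypted session keys not accepted")
        _require(tag == TAG_PKESK, f"unexpected packet tag {tag} before encrypted data")
        # v3 PKESK layout: version(1) | recipient key ID(8) | pubkey algo(1) | MPIs
        _require(len(body) >= 10 and body[0] == 3, "malformed PKESK packet")
        addressed_to_b |= body[1:9] == MACHINE_B_KEY_ID
    _require(addressed_to_b, "message is not encrypted to Machine B's key")
    return raw

def packet(tag: int, body: bytes) -> bytes:
    """Constructed-sample helper: new-format header with a one-octet length."""
    return bytes([0xC0 | tag, len(body)]) + body

def armor(raw: bytes) -> bytes:
    """What Machine A puts on the serial line: base64 packets plus a CRC line."""
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big"))
    return b"\n".join([ARMOR_HEAD, b"", base64.b64encode(raw), b"=" + crc, ARMOR_TAIL, b""])

# Constructed sample traffic: fake ciphertext, not produced by any PGP tool.
PKESK_TO_B = packet(TAG_PKESK, b"\x03" + MACHINE_B_KEY_ID + b"\x01" + b"\x00\x10\xab\xcd")
SEIPD = packet(TAG_SEIPD, b"\x01" + bytes(range(32)))          # fake encrypted body + MDC
GOOD_ORDER = armor(PKESK_TO_B + SEIPD)                         # accepted by the gate
PLAINTEXT_ORDER = armor(packet(TAG_LITERAL, b"b\x00" + bytes(4) + b"order 1,ACME,4242"))
```

On Machine B, validate_order_message() would be the first thing applied to each message read from the serial port; only what it returns is handed to the decrypting process, and a ValueError means the bytes are logged as rejected and dropped, so that a plaintext order file (such as PLAINTEXT_ORDER above) can never be written to Machine B's disk in the clear.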
This archive was generated by hypermail 2b30 : Wed Jan 08 2003 - 18:09:37 PST