Re: [Handle-info] encryption of private key

[Scott Yeadon <scott.yeadon@anu.edu.au>]

Hi Sean,

Sean Reilly wrote:
> Hi Scott,
>
> The reason you would encrypt the private key is in case someone broke 
> into your machine and stole the private key file.  Of course, if you 
> are loading the private key into a tomcat service then you will likely 
> need to store the passphrase as an init-param anyway, so you are right 
> that this isn't really any better than simply storing the key 
> unencrypted.
Good, I'm glad I wasn't just imagining that!
> I assume your service doesn't require users sending their private key 
> and/or passphrase over the net.  If so, we should talk :)
That's right, our client and server software must be co-located and user 
authentication is provided via other various means. There is no sending 
of private key or passphrase info across the network.
> If you want to change your private key from encrypted to unencrypted 
> you won't need to resubmit your site bundle, you can just use the 
> following command to remove the encryption (but keep the same key pair):
>
>   java -cp handle.jar net.handle.apps.tools.KeyUtil <privatekeyfile>
>
> If you actually generate a new key pair for the server (not the 
> adminpriv/adminpub pair) then you would need to resubmit your site 
> bundle.
Swish, thanks.
> Thanks,
> Sean
>
>
> On Oct 8, 2008, at 12:30 AM, Scott Yeadon wrote:
>
> > Hi,
> >
> > I installed a development handle server and have just started playing 
> > with the client API. I configured an encrypted private key but am now 
> > wondering if that was really necessary,
> >
> > If we're running a handle client and server on the same machine and 
> > the client API is part of separately authenticated services is it 
> > better to *not* encrypt the private key? The authentication against 
> > access to the services provides the mechanism for determining whether 
> > someone actually is who they say they are so any passphrase appears 
> > superfluous. Whenever the client needs to do anything in the admin 
> > realm the passphrase is required to decrypt the key, meaning the 
> > storage of the key in plain text (either file or Tomcat init-param, 
> > for example) will be required which seems an unnecessary overhead and 
> > could be more insecure than just the private key sitting in a 
> > non-web-accessible area. I couldn't find any guidelines on when to 
> > use encrypted or unencrypted keys but presumably encryption would 
> > only be needed where a user interface is required to authenticate a 
> > user directly against handle services. Can anyone confirm this?
> >
> > I assume a change from an encrypted private key to unencrypted 
> > private key requires the sitebundle to be resubmitted?
> >
> > Thanks.
> >
> > Scott.
> >
> >
> > _______________________________________________
> > Handle-Info mailing list
> > Handle-Info@cnri.reston.va.us
> > http://www.handle.net/mailman/listinfo/handle-info


_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info