Is there a good solution to the problem of starting up a network server that
needs access to an encrypted database? For instance, a server that has its own
RSA key pair encrypted on disk, and needs to decrypt it during operation so
the private key is available in memory?

The only examples I've seen so far (e.g., Netscape servers set up to use SSL)
require you to type in a pass phrase during server start-up. (They also give
you the option of having the server store the pass phrase on disk, although
they warn you that this is completely insecure.)

These seem like the only options to me. If the database the server needs
access to is encrypted, then either a person must type in the pass phrase when
the server starts, or the pass phrase must be stored on disk for the server to
read. The first is inconvenient, and the second insecure.

I follow the crypto mailing list, but I'm not anywhere close to being a
cryptography expert. I'd appreciate any insights the list may have to offer.
Thanks in advance.
-- 
Jeff Smith
Purdue University                               phone: 765-496-8285 
West Lafayette IN 47907-1408                    fax: 765-494-0566
