During our current annual PCI DSS audit, our auditor complains that a human being can access the company's private key and, thus, a human being can decrypt sales files containing credit card information.
All production processes are fully automated and run as non-privileged user. We use GPG encryption for all file exchanges between this company and banks, and between vendors/clients and this company. The latter is the issue. What can be done about this? Please, advise. Thank you. ~ Mike
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
