Hello coco, coco coco wrote:
User's keys are escrowed in a central database, completely separated from the application system (physically and logically, on a remote site). The escrow database is encrypted with two keys (double encryption, one on top of another). The two keys are kept in USB tokens, separately, then they are kept in a safe at a trusted third-party (e.g. a bank). The 2 tokens are kept at two totally different banks. The policy is thatno single person should have access to both tokens at the same time. It requiresat least two dedicated officers to get both tokens.
This looks like a shared secret. Perhaps you should do it that way. In your actual method you need all parties to be active So you are hosed if one key gets lost. A real shared secret model would be able to allow an n of m implementation: From a group of m participants you need at least n individuals to access the data. If you really only want two keys, you can use the simplest encryption method of all: XOR: 1. KEY1 = true random data with length of real data 2. KEY2 = KEY1 XOR real data simple and really really fast. Bye Goetz -- DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature
