> If the server is doing all the encryption, then presumably the server is
> responsible for storing the keys someplace where it has ready access to
> them.

That's really not something you can assume. For example, the server might hold only public keys and when it needs to decrypt something, the private key is provided to it by the client and stored only for the duration of the transfer.

It's possible that the keys are stored on the server, but doing the encryption on the server means only that the server must have the encryption key while it is encrypting. It says nothing about the decryption key or where the keys are stored when they aren't in use.

> If this is the case, how is encryption protecting the data in the
> event the server is compromised?

It depends what your threat model is. If the only lines into the server are serial ports with a protocol that's locked down, a server compromise is not likely to be on your radar. Many of these schemes' scope is to secure the client, and server security is outside their scope.

That said, it's best to provide structural security in the server if this is at all possible. And it almost always is.

> My concern is that this provides some
> level of obfuscation without necessarily adding cryptographic security,
> unless the clients are providing some kind of token needed by the server
> to recover the keys. Is that the case?

I think your argument is based on a false premise. In the majority of real-world cases, the server is much more secure generally than the clients are. Storing the keys on the server is likely going to be safer than storing them on the client.

I think your implied reasoning is that each client can only compromise its own security while the server can compromise the security of all the clients. While this is true, there are many implementation scenarios where it's inapplicable.

Consider, for example, a scenario where all the data is actually owned by (and disclosure would primarily harm) the server rather than the clients. In that case, scattering the keys left and right doesn't make things any more secure -- just much less so.
At least you can secure the server if you control it.

On the other hand, you may be dead on. We don't know enough about the OP's scenario to say all that much. Your comments just seem to have one very particular scenario in mind and one that I don't think is all that typical.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
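
The arrangement described in the reply above (the server holds only a public key, and the client lends its private key just for the duration of a decryption), sketched with the openssl command-line tool. This is an added example, not part of the original message; the function names, file names and directory layout are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Names and paths are hypothetical.
# The server keeps only pub.pem; the private key stays with the client.
umask 077

client_keygen() {   # $1 = client dir, $2 = server dir
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/client.key" 2>/dev/null &&
    openssl pkey -in "$1/client.key" -pubout -out "$2/pub.pem"
}

server_encrypt() {  # $1 = server dir, $2 = plaintext file
    # One-off session key; present on the server only while encrypting.
    openssl rand -hex 32 > "$1/session.tmp" &&
    # openssl enc with CBC gives confidentiality only, no integrity check.
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$1/session.tmp" \
        -in "$2" -out "$1/data.enc" &&
    # Wrap the session key to the client's public key (RSA-OAEP).
    openssl pkeyutl -encrypt -pubin -inkey "$1/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$1/session.tmp" -out "$1/key.wrapped"
    rc=$?
    rm -f "$1/session.tmp"
    return $rc
}

server_decrypt() {  # $1 = server dir, $2 = private key lent by the client
    # The key is read from the client-supplied path and never copied.
    openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$1/key.wrapped" -out "$1/session.tmp" 2>/dev/null &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1/session.tmp" \
        -in "$1/data.enc"
    rc=$?
    rm -f "$1/session.tmp"
    return $rc
}

demo() {            # constructed sample data
    c=$(mktemp -d); s=$(mktemp -d)
    printf 'account=1234 balance=100\n' > "$c/plain.txt"
    client_keygen "$c" "$s" && server_encrypt "$s" "$c/plain.txt" &&
        server_decrypt "$s" "$c/client.key"
    ls "$s"         # what the server holds at rest
    rm -rf "$c" "$s"
}
demo
```

Between requests the server directory holds only the public key, the ciphertext and the wrapped session key, so what is stored there is not enough on its own to recover the plaintext.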