views:

38

answers:

2

For PCI compliance, is there any recommended Encryption Key Management Software? Open source preferable, but commercial is ok too. Is there a tool or software that provides both?

A: 

Most, if not all, programming languages come with encryption functionality built in. Just search the documentation of your favorite language to see what is available and how to use it. For PHP I use mcrypt.

John Conde
+1  A: 

ezNCrypt looks like it may be useful, it promises TDE for MySql

You could also consider using MS SQL 2008 to store the card data, then look into Extensible Key Management. There are a few EKM providers out there, such as Thales. Using a 3rd party EKM would be easy (probably zero development time), but very costly (think $50k). With an EKM module you can then use Transparent Data Encryption

If you only want key management, without the transparent data encryption, then StrongKey is probably your best price/performance option. You'd need to spend some development time to integrate with it.

If you want to take the time and develop your own solution, then I can offer some help in the answer here

Good luck!

PaulG
That's a good amount of excellent information. eznCrypt looks promising, but seems to be pricey. Can I use the Java Key store implementation instead? Also, is StrongKey used in production environments?
Ram
I'm not too familiar with Java, so in short - not sure, on either count. Sorry.
PaulG