For PCI compliance, is there any recommended Encryption Key Management Software? Open source preferable, but commercial is ok too. Is there a tool or software that provides both?
A:
Most, if not all, programming languages come with encryption functionality built in. Just search the documentation of your favorite language to see what is available and how to use it. For PHP I use mcrypt.
John Conde
2010-07-29 13:28:11
+1
A:
ezNCrypt looks like it may be useful, it promises TDE for MySql
You could also consider using MS SQL 2008 to store the card data, then look into Extensible Key Management. There are a few EKM providers out there, such as Thales. Using a 3rd party EKM would be easy (probably zero development time), but very costly (think $50k). With an EKM module you can then use Transparent Data Encryption
If you only want key management, without the transparent data encryption, then StrongKey is probably your best price/performance option. You'd need to spend some development time to integrate with it.
If you want to take the time and develop your own solution, then I can offer some help in the answer here
Good luck!
PaulG
2010-07-30 08:51:44
That's a good amount of excellent information. eznCrypt looks promising, but seems to be pricey. Can I use the Java Key store implementation instead? Also, is StrongKey used in production environments?
Ram
2010-07-30 12:45:28
I'm not too familiar with Java, so in short - not sure, on either count. Sorry.
PaulG
2010-07-30 14:55:07