I am looking for advice on where to store encryption keys and other sensitive application data. Is a certificate on a USB stick really the way to go here? What can you do to keep your secret keys safe?
+1
A:
If it's a secret and you have to store it somewhere, then at some point it can't really be considered a secret anymore because one way or another somebody will be able to find it, etc. Security is always best considered on a case by case basis, what is acceptable for one solution is not for another and therefore there is not any "fits all" answer. However, where possible (or always) make sure you use a tried and tested method rather than roling your own. Hopefully that does help, but is such a wide open question.
Paul Hadfield
2010-08-12 19:43:44
+2
A:
Keep them on a smart card, or use the Trusted Platform Module (TPM) that is present in many machines sold these days.
erickson
2010-08-12 19:44:04
TPM definitely looks useful tool if the computers involved include the chip.
Paul Hadfield
2010-08-12 19:49:03