key-management

Where can I learn about proven methods for sharing cryptographic keys?

Suppose that a group wants to encrypt some information, then share the encryption key among the group members in a way that requires the consensus of the group to decrypt the information. I'm interested in a variety of scenarios where the breadth of consensus ranges from unanimity to an absolute majority. A useful technique can apply to ...

How to store the AES Rijndael generated Key to the database?

Hi, When creating the instance, the KEY and IV are generated for me. RijndaelManaged myRijndael = new RijndaelManaged(); How can I store the Key in my database or web.config file? And in what format? Because I will have to load the key when trying to decrypt the encrypted string obviously. thanks for your help, a little lost on th...

Why shouldn't a private key be stored verbatim or in plain text on the local computer?

I was reading this: http://msdn.microsoft.com/en-us/library/tswxhw92(VS.80).aspx The first sentence says: "Asymmetric private keys should never be stored verbatim or in plain text on the local computer." What's the problem with this? And how does a key container solve it. The reason I'm asking is that I want to generate an asymm...

How to properly do private key management

Has anyone got practical experience or a reference for a scheme that implements a key management scheme that would comply with the PCI DSS security standard? There are obviously quite a few implementations around given the number of companies compliant with PCI DSS but trying to find details of them is tough. When it gets down to stori...

How to extract private keys from an ssh-agent?

ssh-add -l displays that I have 3 RSA keys added to my SSH agent. ssh-add -L displays the public keys. How do I get the private keys as well, so that I can save them to a file? Or is it by design that this is impossible, i.e. ssh-agent can be asked to do operations using the private key, but it will never return the key itself? If it is ...

Android Secure Storage

I want to store some small but critical piece of information such as AES keys in my Android application. What would be the recommended way to do this? I do not want to hardcode keys as part of my application. I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need...

Encryption Key Management Software and Transparent Data Encryption MySQL

For PCI compliance, is there any recommended Encryption Key Management Software? Open source preferable, but commercial is ok too. Is there a tool or software that provides both? ...