David Wall wrote: > In our open-esignforms project we use a layered approach for keys in > which we have a boot key for the application that requires dual > passwords which we then combine into a single password for PBE > encryption of the boot key. We then have session keys that are > encrypted with the boot key, and the session keys are used to encrypt > one-up keys for encrypted blobs. > > In your case, you could encrypt your key using PBE assuming you have a > way to provide the password to unlock it. This would allow you to > protect the key with a password, which is the most basic way to go if > you don't have a keystore to use. I covered this a little bit in my recent security presentation: http://momjian.us/main/presentations.html#securing -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
