On Wed, 2005-06-08 at 16:08 +0200, Magnus Hagander wrote:
> > Hi,
> > I'm using postgreSQL with SSL these days. The version I'm
> > using is 8.0.3. I found that it's impossible to use an
> > encrypted key file.
> > When you use a protected server.key file, you will be
> > prompted to input your passphrase EVERY TIME IT'S USED, not
> > only when you start the server but also when a client makes a
> > connection. So you have to leave the key file un-protected. I
> > think it's a serious vulnerability since the security relies
> > on the secrecy of the private key. Without encryption, the
> > only thing we can use to protect the private key is the
> > access control mechanism provided by the OS.
> > Any comments on this issue?
>
> If you don't trust the access control provided by the OS, why are you putting sensitive data on it?
> If one can break your access control in the OS they can read all your data anyway - they don't even need to sniff the wire and decrypt it using the key. Or they can just change the passwords of your users and connect - or *change* the key.

Yes and no. They can't change the key. It's tied to the certificate, which is signed. They need to get a signed certificate from a trusted CA, and put the associated private key on your server after they cracked it. Which is much like leaving a big banner with "Yes, it was me!" signed by you on the crime scene. :-)

But overall I agree. If they gained enough privilege to read the key file, it's possible they're able to access the data as well. They might be able to patch the server and have the password that protects the key logged somewhere next time you type it in.

OTOH, I see no advantage in reading the key at connection time instead of startup time (like every other daemon does).

Encrypted key has an interesting significance with backups. Someone may be able to steal one backup of yours. They'll get old data (maybe you don't care much about that), _and_ the key.
You don't want them to be able to sign stuff or impersonate your servers with it.

.TM.
-- 
Marco Colombo
Technical Manager
ESI s.r.l.
Colombo@xxxxxx
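
As an added illustration of the backup point in the message above (not part of the original post and not PostgreSQL code): a small Python audit that walks a directory tree, such as a data directory or a restored backup, and reports each PEM key file that is stored without passphrase encryption or with group/other permission bits set. The function names, the `*.key` naming convention and the sample tree are assumptions constructed for the example.

```python
import stat
import tempfile
from pathlib import Path

# Markers OpenSSL writes into passphrase-protected PEM private keys.
ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8
                     "Proc-Type: 4,ENCRYPTED")                 # traditional format


def audit_key_file(path):
    """Return findings for one PEM private key file (empty list: nothing flagged)."""
    text = Path(path).read_text(errors="replace")
    if "PRIVATE KEY-----" not in text:
        return ["not a PEM private key"]
    findings = []
    if not any(marker in text for marker in ENCRYPTED_MARKERS):
        findings.append("unencrypted")
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access (mode %04o)" % mode)
    return findings


def audit_tree(root):
    """Audit every *.key file under root (a data directory or a restored backup)."""
    return {p.relative_to(root).as_posix(): audit_key_file(p)
            for p in Path(root).rglob("*.key") if p.is_file()}


def build_sample_tree():
    """Constructed sample tree; key bodies are placeholders, not real key material."""
    root = Path(tempfile.mkdtemp())
    plain = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    legacy = plain.replace("\nAAAA", "\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nAAAA")
    pkcs8 = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n"
    samples = {"data/server.key": (plain, 0o600), "backup/server.key": (plain, 0o644),
               "offsite/server.key": (pkcs8, 0o600), "old/server.key": (legacy, 0o640)}
    for rel, (body, mode) in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True)
        target.write_text(body)
        target.chmod(mode)
    return root


if __name__ == "__main__":
    for rel, findings in sorted(audit_tree(build_sample_tree()).items()):
        print(rel, "->", ", ".join(findings) or "ok")
```

The check only reads PEM headers and file mode bits, so it never needs the passphrase and can be pointed at backup media as well as at the live data directory.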