=== Protection of machine keys ===
* Storing the key material in a hardware token or HSM is preferred over simply using a strong passphrase.
* The keys must be accessible only by the admin user (root) and/or the system user requiring access.
Usage of machine keys should be registered in an inventory (a wiki page, LDAP, an inventory database), to allow for rapid auditing of key usage across an infrastructure.
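An added example (not part of the wiki page) showing how the two rules above can be checked and fed into an inventory: the permission audit enforces "root and/or the service user only", and the inventory record carries the key's OpenSSH SHA256 fingerprint so that key usage can be looked up quickly. Function names, the sample host/owner fields and the constructed ed25519 public key are assumptions.

```python
"""Audit a machine SSH key's on-disk protection and build an inventory record."""
import base64
import hashlib
import os
import stat
import struct


def check_key_mode(mode: int, owner_uid: int, allowed_uids: set) -> list:
    """Return findings for a private key's mode/owner (empty list = compliant)."""
    findings = []
    perm = stat.S_IMODE(mode)
    if perm & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key is accessible by group or others (mode %o)" % perm)
    if owner_uid not in allowed_uids:
        findings.append("key owner uid %d is neither root nor the service user" % owner_uid)
    return findings


def audit_key_file(path: str, service_uid: int) -> list:
    """Stat a key file and apply the rule: only root or the service user may own it."""
    st = os.stat(path)
    return check_key_mode(st.st_mode, st.st_uid, {0, service_uid})


def ssh_fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a .pub / authorized_keys line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    # The wire blob starts with its own type string; it must match the declared type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type mismatch in public key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def inventory_record(host: str, owner: str, purpose: str, pubkey_line: str) -> dict:
    """Build the entry an inventory (wiki page, LDAP, database) holds for a machine key."""
    return {"host": host, "owner": owner, "purpose": purpose,
            "type": pubkey_line.split()[0], "fingerprint": ssh_fingerprint(pubkey_line)}


def constructed_pubkey() -> str:
    """Constructed sample ed25519 public key (all-zero key bytes; demonstration only)."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " backup@example.invalid"
```

`audit_key_file("/etc/backup/id_ed25519", service_uid)` returns an empty list for a compliant key and a list of findings otherwise; `inventory_record(...)` yields the fields worth storing per key.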
=== Choice of algorithm ===