storing keyrings into SQL database?

Ryan Malayter rmalayter@bai.org
Thu May 22 09:07:52 2003


From: "Branko F. Grac(nar" [mailto:bfg@noviforum.si]

||You could certainly store keyring files in a SQL database, then extract
||them to a unique temporary filename when needed. Use random hex
<snip>
|Uf. This is ugly and possibly unsecure, but it's doable.

It's at least as secure as storing each user's key in a separate
directory on the server. All you need to do is make sure your random
temporary filename space is large enough that there are no collisions,
your random numbers are generated well (with GnuPG itself?), and the
user's SSL session is protected from hijacking using best practices.

It is of course uglier than using the data directly from the DB;
however, I've seen loads of commercial and purpose-built web apps that
use per-session temporary files. Sometimes it's the only way to
interface with a particular program on the web server.

Your other option is to use the GnuPG source or the GPGme library to
build a special version that accesses the keyrings directly from a
database. This is what open source software is all about.

And finally, what in the heck does "Uf." mean?

	-ryan-
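
The per-session temporary-file approach discussed in this message, as an added example that is not part of the original post. The SQLite table `keyrings`, the function names and the sample bytes are assumptions made for illustration, and the random hex name comes from Python's `secrets` module (the OS CSPRNG) rather than from GnuPG.

```python
import contextlib
import os
import secrets
import shutil
import sqlite3
import tempfile


def open_db():
    """In-memory stand-in for the application's SQL database (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE keyrings (username TEXT PRIMARY KEY, pubring BLOB NOT NULL)")
    return db


@contextlib.contextmanager
def extracted_keyring(db, username, base_dir=None):
    """Write one user's keyring to a private, unpredictably named temp file."""
    row = db.execute(
        "SELECT pubring FROM keyrings WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        raise KeyError(username)
    # mkdtemp creates the directory with mode 0700, so other local users
    # cannot list or open anything placed inside it.
    workdir = tempfile.mkdtemp(prefix="kr-", dir=base_dir)
    # 128 bits of random hex: large enough that collisions and guessing
    # are not a practical concern.
    path = os.path.join(workdir, secrets.token_hex(16) + ".gpg")
    try:
        # O_EXCL makes creation fail rather than reuse a pre-existing file
        # or follow a planted symlink; 0600 keeps the file owner-only.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(row[0])
        yield path
    finally:
        # Remove the keyring and any lock or backup files left beside it.
        shutil.rmtree(workdir, ignore_errors=True)


def gpg_argv(keyring_path, *args):
    """argv that points gpg at the extracted keyring instead of the default one."""
    return ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring_path, *args]


if __name__ == "__main__":
    db = open_db()
    db.execute("INSERT INTO keyrings VALUES (?, ?)", ("alice", b"constructed-bytes"))
    with extracted_keyring(db, "alice") as path:
        print(gpg_argv(path, "--list-keys"))  # pass this list to subprocess.run
```
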