storing keyrings into SQL database?
Fri May 23 02:23:02 2003
On Wed, May 21, 2003 at 11:33:12AM -0500, Ryan Malayter wrote:
> From: "Branko F. Gračnar" [mailto:firstname.lastname@example.org]
> ||You could certainly store keyring files in a SQL database, then
> ||them from to a unique temporary filename when need. Use random hex
> |Uf. This is ugly and possibly unsecure, but it's doable.
> It's at least as secure as storing each user's key in a separate
> directory on the server. All you need to do is make sure your random
> temporary filename space is large enough that there are no collisions,
> your random numbers are generated well (with GnuPG itself?), and the
> user's SSL session is protected from hijacking using best practices.
Instead of storing each key with a random temporary filename, use a
filename derived from the fingerprint of the key. It's deterministic,
plus if two keys have the same fingerprint, they are treated as the
same key for many purposes anyway.
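
The fingerprint-derived filename suggested in the reply above, as an added example that is not part of the original thread. The `keyrings` table, its columns, the `.gpg` suffix and the function names are assumptions, and the spool directory is assumed to be private to the service account.

```python
import os
import re
import sqlite3
import tempfile

# OpenPGP v4 fingerprints are 160-bit SHA-1 values: exactly 40 hex digits.
FPR_RE = re.compile(r"[0-9A-F]{40}")

def normalize_fpr(fingerprint):
    """Strip the spacing gpg prints, upper-case, and reject anything else.

    Only validated hex ever reaches the filesystem, so a caller-supplied
    value cannot smuggle in path separators or '..' components.
    """
    fpr = re.sub(r"\s+", "", fingerprint).upper()
    if not FPR_RE.fullmatch(fpr):
        raise ValueError("not a 40-hex-digit fingerprint")
    return fpr

def materialize(db, spool_dir, fingerprint):
    """Write the stored keyring blob to <spool_dir>/<FPR>.gpg; return the path."""
    fpr = normalize_fpr(fingerprint)
    row = db.execute("SELECT keydata FROM keyrings WHERE fpr = ?", (fpr,)).fetchone()
    if row is None:
        raise KeyError(fpr)
    path = os.path.join(spool_dir, fpr + ".gpg")
    # mkstemp creates the file with mode 0600 and O_EXCL; writing there first
    # and renaming means a concurrent reader never sees a partial keyring.
    fd, tmp = tempfile.mkstemp(dir=spool_dir, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(row[0])
        os.replace(tmp, path)  # atomic; same fingerprint maps to same file
    except BaseException:
        os.unlink(tmp)
        raise
    return path

def demo():
    """Constructed sample: the fingerprint and key bytes are not a real key."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE keyrings (fpr TEXT PRIMARY KEY, keydata BLOB NOT NULL)")
    fpr = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"
    db.execute("INSERT INTO keyrings VALUES (?, ?)",
               (normalize_fpr(fpr), b"constructed-keyring-bytes"))
    spool = tempfile.mkdtemp()  # mkdtemp creates the directory with mode 0700
    return db, spool, fpr, materialize(db, spool, fpr)

if __name__ == "__main__":
    print(demo()[3])
```

Because the name is deterministic, a second request for the same key overwrites the same file with identical bytes instead of accumulating temporary files.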