Secure unattended decryption

M.B.Jr. marcio.barbado at gmail.com
Fri Mar 19 18:17:12 CET 2010


Hi Daniel,


On Thu, Mar 18, 2010 at 8:50 AM, Daniel Eggleston <eggled at gmail.com> wrote:
> I know it's sort of a contradiction in terms, but hear me out:
>
> The case I'm looking at is a High Availability environment hosting a
> database. The database is comprised of many Unix files, encrypted via AES,
> on shared storage. If the node accessing the database loses enough of its
> redundant hardware that it can no longer function as the database server,
> control must failover to the secondary node. Since the client systems are
> the priority, the goal is the shortest downtime possible.
>
> The encryption key for the databases is stored on-disk, encrypted with PGP
> (Gnupg specifically).


Sort of a conceptual remark at this point.

See, this database password you refer to is a symmetrical one. And you
stated you keep it on-disk, encrypted with GnuPG.

So, is this last GnuPG encryption also symmetrical?

If so, and if your DBA is GnuPG's password keeper, GnuPG's encryption
would make little sense, considering you're concerned with "high
availability".

It would be more sensible to cease that encryption cascading
(the database's AES + some supposedly symmetrical GnuPG algorithm) and let
your DBA somehow carry the AES clear-text password directly.

Check your database's documentation. Perhaps it could maintain
authentication after a failover. And the chances increase in redundant
environments if the system in question depends only on its own
encryption resources.


Regards,



Marcio Barbado, Jr.


