PCI DSS compliance

helices gpg at mdsresource.net
Thu Nov 10 16:24:29 CET 2016


O, yes! I forgot about that    :-(

I understand SSSS as far as this goes.

Our company must decrypt ~100 files 7x24 in near real time. How can SSSS
work - or any reasonable alternative - in such a production environment?

~ Mike


On Thu, Nov 10, 2016 at 9:07 AM, Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com> wrote:

> On 11/10/2016 03:50 PM, helices wrote:
> > So would I!
> >
> > At this point, our company must achieve PCI DSS compliance before year end,
> > and the road to that necessity leads through this auditor, who insists that
> > PGP satisfies all requirements.
> >
> > There is no explanation that he shares with us.
>
> I'd expect it to be a reference to the Shamir secret sharing scheme that I
> believe formed part of PGP at some point, but I haven't really looked into
> PGP for a while. This would allow e.g. splitting a key into 5 parts and
> requiring 2 or 3 of them at the same time to access it. For the automated
> system, it would presumably require two administrators to set it up, and
> the expectation that nobody willfully modifies the application or reads
> the full private key in memory during regular operation, but at that point
> it would hinder any one admin from having access to the full key to use
> outside of the system.
>
> --
> ----------------------------
> Kristian Fiskerstrand
> Blog: https://blog.sumptuouscapital.com
> Twitter: @krifisk
> ----------------------------
> Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> ----------------------------
> Aut disce aut discede
> Either learn or leave
>
>
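As an added illustration of the k-of-n custody scheme Kristian describes (example code written for this archive page, not code from the thread or from GnuPG): Shamir secret sharing over a prime field, splitting a constructed 128-bit key into 5 shares of which any 3 reconstruct it and any 2 do not. In the 24/7 setting Mike asks about, the shares would stay with separate custodians and only the reconstructed key would live in the decryption service's memory; the `seed` parameter exists solely so the output is reproducible in tests.

```python
"""Shamir secret sharing over GF(p): split a key into n shares so that any
k of them reconstruct it and fewer than k reveal nothing about it."""
import random

# A 127-bit Mersenne prime: large enough for a 16-byte symmetric key or one
# chunk of a larger secret (a longer private key is split chunk by chunk).
PRIME = 2**127 - 1


def split_secret(secret: int, n: int, k: int, seed=None):
    """Return n shares (x, y) of `secret` with threshold k (1 <= k <= n)."""
    if not 1 <= k <= n < PRIME or not 0 <= secret < PRIME:
        raise ValueError("bad parameters")
    # Production use leaves seed=None so coefficients come from the OS CSPRNG.
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    # f(x) = secret + a1*x + ... + a(k-1)*x^(k-1), coefficients uniformly random
    coeffs = [secret] + [rng.randrange(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):        # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Lagrange-interpolate f(0) from the given (x, y) shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # pow(den, -1, PRIME) is the modular inverse (Python 3.8+)
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


if __name__ == "__main__":
    KEY = 0x2B7E151628AED2A6ABF7158809CF4F3C   # constructed sample key
    shares = split_secret(KEY, n=5, k=3)
    assert recover_secret(shares[:3]) == KEY   # any 3 custodians suffice
    assert recover_secret(shares[:2]) != KEY   # 2 alone yield garbage
    print("5 shares issued; 3-of-5 reconstruction OK")
```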