PCI DSS compliance
ndk.clanbo at gmail.com
Thu Nov 10 18:42:52 CET 2016
Il 10/11/2016 16:24, helices ha scritto:
> Our company must decrypt ~100 files 7x24 in near real time. How can SSSS
> work - or any reasonable alternative - in such a production environment?
Wouldn't a smartcard solve (at least partially) the issue?
Insert it in a pinpad reader and have the PIN shared between two
administrators. Both are required at system boot to unlock the card. If
the card gets removed, no single admin can unlock it.
Sure, an admin could just use it while connected to the server to
decrypt files (or simply read stored files) but as others said there's
no way to prevent that if the attacker have physical access to the system.
More information about the Gnupg-users