Protecting encryption server

raf gnupg at raf.org
Wed Jul 29 02:17:07 CEST 2020


On Tue, Jul 28, 2020 at 08:39:28AM -0700, Ayoub Misherghi via Gnupg-users <gnupg-users at gnupg.org> wrote:

> A human environment went insane and uncontrollable. The system is intended
> to bring sanity back and maintain it.
> 
> 
> Client programs access server(s) for real-time encryption or decryption.
> Network of servers that may be located at different geographic locations.
> Each server would need keys that need to be protected. The servers are in a
> hierarchy communicating with each other securely as needed. Horrible
> environment to protect.
> 
> 
> Server design may need to be specialized with immunity to tampering and
> abuse. Operator and admin may need to be on constant monitoring/surveillance
> with biometric ID. Equipment may need to be identifiable and be under
> constant monitoring and surveillance.
> 
> Grateful for all suggestions. Keep them coming. I have a lot to learn.
> 
> Ayoub

You might be asking in the wrong place. We can suggest
helpful things like vetting staff, hardware security
modules (HSM), separation of duties, privileged access
management, ISO27001 etc. but this is just a gnupg
mailing list, not a security architecture mailing list.

You should consider engaging the services of security
architects who can analyse your environment in detail
and provide something as close to a solution as you can
afford. As rjh said, an actual solution is impossible
but you do what you can and what you can afford (and
log everything for evidentiary purposes).

cheers,
raf



