Paul Romero wrote:
> How do you recommend protecting private keys in an automated
> environment ?
It's very straightforward. Move them as far away from the application
as possible.
The first step is to use an agent process. Protected mode, MMUs and
the operating system offers some protection from errors in the
libssh2 application.
Next step is to make sure that the agent runs as a distinct user in
the OS, which gets you more protection at the kernel level.
A further step might be to move the key into dedicated hardware such
as a smart card or crypto token.
//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-07-09