Protecting encryption server

Denis BEURIVE denis.beurive at gmail.com
Tue Jul 28 14:24:08 CEST 2020


Hello,

What is the risk ?

Are you worried that somebody uses the server to sign
inappropriate documents ?

If you cannot trust the guy that administers the server, then I guess that
there is not much you can do to prevent him from signing
inappropriate documents. You may choose to dispatch the responsibilities,
so nobody has full administrator authorization. However, if you think that
the administrators may collaborate with each other, then there is nothing
you can do.

Are you worried that somebody steals the server private key ?

If you are only concerned by the theft of the secret key, then you can
externalize the signature process to a Secure Signature Creation Device (
https://www.cryptomathic.com/products/authentication-signing/digital-signatures-faqs/what-is-a-secure-signature-creation-device
).

Regards,

Denis

Le mar. 28 juil. 2020 à 12:19, Ayoub Misherghi via Gnupg-users <
gnupg-users at gnupg.org> a écrit :

> I am going to have a server machine doing encryption. How do you protect against server operator or admin tampering. This is a scenario where internal threat or hostility is high; you cannot trust your own guys. (Real situation; not paranoid.)
>
> Thanks,
>
> Ayoub
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200728/3ffe332a/attachment.html>


More information about the Gnupg-users mailing list