Not discounting Luke's excellent response: key management is hard.
Look for utilities with reliable import/export capability. Be prepared to OWN your keys. I say this again as a CISSP, own your keys. This is your bread and butter, so to speak, the family jewels. So take care when using these products to ensure that they do what you want them to do and that you know what they're doing.

One shop where I recently worked had a great slogan, "crypto is easy; key management is hard". It's not that the crypto was easy but that it's done already, implemented, coded, packaged. But the keys *must* be managed by you and your team, not the kind of thing which can be outsourced. Keys and certs cannot be installed and forgotten. And sadly, some of the expirations we are given are too short to be practical. (Various government-issued IDs and licenses commonly last FIVE years. Why do PKI certs last only two? ... or ONE?)
But I'm getting off topic. Sorry.

The point is, keys are fundamentally different than any other software or data that we have to manage. And it's a good idea to limit keys to individuals when you can. (Like the combination to the bank vault.)
It's all about trust.


-- R; <><


On 4/11/24 05:39, Radoslaw Skorupka wrote:
Sometimes we see some key management products like SKLM or EKMF.
...or TKLM, ISKLM, Guardium KLM, etc.

Is there any explanation of the products' scopes, comparisons, features, etc.?


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
