Michael Konietzka wrote:
One suggestion was not to backup the keys on the "drive" but to print the PEM-File with a ordinary printer and storage this paper in a vault in the "personnel department".
Any other suggestion are welcome. ;-)
there my be an option like: the "data privacy officer (dpo)" ;o), at least in germany/europe (where some laws may require this) in other cases it may be a different person, has a own key pair, all backups are encrypted with the public key of this person (which have of course a safe backup of its private key too)
so if one private key of any person is needed, it must be accessed through the dpo - so one can ensure some workflows and noone can just take the paper print and make its own copy of it... (scann and abuse)
so, the data is a bit safer i think, and there can be special roles introduced which have to be accessed to get access to the wanted data, since they are in control of the keys...
greetings dalini
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
