Pablo Manalastas said: > On Thu, 16 May 2002, Andre John Cruz wrote: > >> my plan is to come up with a web-based system for this, but i don't >> know how to deal with storing private keys...i don't think it's a wise >> idea to store them in a database server. > > You don't deal with them. You let each owner store his own private key > wherever the owner feels it is safe to store it. In fact > you do not know the private key of other people, even if you administer > the public key infrastructure. That's the idea of private keys. > Only the owner knows his private key. But public keys are a different > matter altogether. You want the whole world to know that this > person's public key is this, and surely this.
hi, thanks a lot for all your input...now i'm getting a clearer idea...but then, about this web-based thingy, it's totally possible that when the web server reads the owner's private key (through a file-upload form, for example) it will secretly copy the key elsewhere, right? how do i establish among my users that they should trust my program that it doesn't do monkey business with their private keys? :) -dre _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
