I think this is where you want to look into a Hardware Security Module
(HSM) or a solution like Hashicorp's Vault server. The split secret would
be used to initialize either of those solutions (Vault uses split keys to
unseal the server out of the box, and can even encrypt those shares to
several d
Il 10/11/2016 16:24, helices ha scritto:
> Our company must decrypt ~100 files 7x24 in near real time. How can
> work - or any reasonable alternative - in such a production environment?
Wouldn't a smartcard solve (at least partially) the issue?
Insert it in a pinpad reader and have the PIN sh
O, yes! I forgot about that:-(
I understand as far as this goes.
Our company must decrypt ~100 files 7x24 in near real time. How can
work - or any reasonable alternative - in such a production environment?
~ Mike
On Thu, Nov 10, 2016 at 9:07 AM, Kristian Fiskerstrand <
kristian.f
On 11/10/2016 03:50 PM, helices wrote:
> So would I!
>
> At this point, our company must achieve PCI DSS compliance before year end,
> and the road to that necessity leads through this auditor, who insists that
> PGP satisfies all requirements.
>
> There is no explanation that he shares with us.
So would I!
At this point, our company must achieve PCI DSS compliance before year end,
and the road to that necessity leads through this auditor, who insists that
PGP satisfies all requirements.
There is no explanation that he shares with us.
~ Mike
On Thu, Nov 10, 2016 at 8:27 AM, Mark H. W
I would be interested to hear this auditor's explanation of how *any*
completely automated software system can protect private keys from a
human with access to the system.
--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michig
Yes, our company has been doing all four of your suggestions for years,
including written policies and procedures, and we passed all prior years of
PCI DSS auditing without incident.
Near as I can tell, nothing has changed in this regard in PCI DSS standards
in the last twelve months, to which our