[openssl-users] Regarding the security of the keys

Mike Mohr akihana at gmail.com
Wed Jul 22 04:09:01 UTC 2015

Actually that isn't quite right.  A properly configured and tuned RBAC
<https://en.wikipedia.org/wiki/Grsecurity#Role-based_access_control> policy,
when combined with PaX <https://en.wikipedia.org/wiki/Grsecurity#PaX>, can
very effectively limit all userspace activity (including root access!).  It
helps if you can also use a hardware security module
<https://en.wikipedia.org/wiki/Hardware_security_module> to protect your
key material.

On Tue, Jul 21, 2015 at 1:48 AM, Salz, Rich <rsalz at akamai.com> wrote:

> > If some one build their own openssl and add few lines to print the keys
> during encrypt and decrypt and put in the library in the LD_LIBRARY_PATH,
> may result in compromising the security of the keys.
> Can anyone other than root do this?  You have to trust root.  They could
> just cat your keyfile anyway.
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150721/20454e24/attachment.html>

More information about the openssl-users mailing list