On Tue, Jul 28, 2020 at 08:39:28AM -0700, Ayoub Misherghi via Gnupg-users <gnupg-users@gnupg.org> wrote:
> A human environment went insane and uncontrollable. The system is intended
> to bring sanity back and maintain it.
>
> Client programs access server(s) for real-time encryption or decryption.
> Network of servers that may be located at different geographic locations.
> Each server would need keys that need to be protected. The servers are in a
> hierarchy communicating with each other securely as needed. Horrible
> environment to protect.
>
> Server design may need to be specialized with immunity to tampering and
> abuse. Operator and admin may need to be on constant monitoring/surveillance
> with biometric ID. Equipment may need to be identifiable and be under
> constant monitoring and surveillance.
>
> Grateful for all suggestions. Keep them coming. I have a lot to learn.
>
> Ayoub

You might be asking in the wrong place. We can suggest helpful
things like vetting staff, hardware security modules (HSM),
separation of duties, privileged access management, ISO27001
etc. but this is just a gnupg mailing list, not a security
architecture mailing list.

You should consider engaging the services of security
architects who can analyse your environment in detail
and provide something as close to a solution as you can
afford. As rjh said, an actual solution is impossible
but you do what you can and what you can afford (and log
everything for evidentiary purposes).

cheers,
raf