On Wed, 2007-03-28 at 16:34 +0100, Darren J Moffat wrote:
> > I'm uncomfortable with leaving this to the individual service (since it
> > effectively forces each service to reinvent their own wheel), especially
> > without very specific guidance in the SMF documentation.
>
> and where is the decryption key (or PIN to authenticate to the keystore)
> going to come from during boot ?
I see this as a risk reduction exercise.
Making components other than SMF do the encryption/obfuscation doesn't
actually solve that problem, and, if anything, makes solving the problem
harder.
In the absence of a secure token, merely placing the SMF repository key
in a separate file reduces the risk of accidental exposure of sensitive
properties (for instance, through a "grep .. *" as root in the wrong
directory).
It also reduces (but does not eliminate) exposure in backups.
- Bill