In our open-esignforms project we use a layered approach for keys in
which we have a boot key for the application that requires dual
passwords which we then combine into a single password for PBE
encryption of the boot key. We then have session keys that are
encrypted with the boot key, and the session keys are used to encrypt
one-up keys for encrypted blobs.
In your case, you could encrypt your key using PBE assuming you have a
way to provide the password to unlock it. This would allow you to
protect the key with a password, which is the most basic way to go if
you don't have a keystore to use.
David
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
