Currently, the list private key must be stored unencrypted in the
server's keyring. This fails the paranoia check. The key's passphrase
(or the decrypted key) should instead be held in memory by an agent
process, which tenders the key to the other processing stages as
needed. Whenever the server is rebooted, an admin would need to log
in and present the passphrase to the agent. Combined with
administrative measures that ensure someone with physical access can
gain root only by rebooting the server (which clears the agent's
memory), this would pass the paranoia check.
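
A minimal sketch of the agent design described above, added here as an example and not code from the project. The KeyAgent class, the LOCKED / OK reply format over a Unix socket, and all function names are assumptions made for illustration.

```python
import os, socket, stat, tempfile, threading

class KeyAgent:
    """Hypothetical agent: the passphrase lives only in this process's memory."""
    def __init__(self, sock_path):
        self.sock_path, self._secret = sock_path, None  # None again after a reboot
        self._lock = threading.Lock()

    def unlock(self, passphrase):
        """The admin presents the passphrase once after each reboot."""
        with self._lock:
            self._secret = bytes(passphrase)

    def bind(self):
        old = os.umask(0o177)  # socket file gets mode 0600: owner only
        try:
            self._srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            self._srv.bind(self.sock_path)
        finally:
            os.umask(old)
        self._srv.listen(4)

    def serve(self, count):
        """Answer `count` requests from processing stages, then shut down."""
        for _ in range(count):
            conn, _addr = self._srv.accept()
            with conn, self._lock:
                locked = self._secret is None
                conn.sendall(b"LOCKED" if locked else b"OK " + self._secret)
        self._srv.close()
        os.unlink(self.sock_path)

def fetch(sock_path):
    """What a processing stage does when it needs the passphrase."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        return c.recv(4096)

def demo():
    agent = KeyAgent(os.path.join(tempfile.mkdtemp(), "agent.sock"))
    agent.bind()
    mode = stat.S_IMODE(os.stat(agent.sock_path).st_mode)
    worker = threading.Thread(target=agent.serve, args=(2,))
    worker.start()
    before = fetch(agent.sock_path)          # fresh boot: nothing to hand out
    agent.unlock(b"constructed-passphrase")  # constructed sample value
    after = fetch(agent.sock_path)
    worker.join()
    return mode, before, after
```

Calling demo() returns the socket's permission bits and the agent's replies before and after the admin unlocks it; nothing is ever written to the keyring or to disk.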