- From: Brad Knowles
- To:
- Cc: Brad Knowles
- Subject: [chef] Re: Handling of encrypted data bag keys
- Date: Fri, 12 Apr 2013 06:28:13 -0600
On Apr 12, 2013, at 3:25 AM, Thom May wrote:
> Our real problem is that we're not a homogenous EC2 environment, so IAM
> doesn't work out so well. S3 is a decent solution that's actually
> accessible for all our nodes, but distributing the keys to sign S3 URIs is
> a hard problem, too.

So, I'm curious -- does anyone know of any good public key crypto solutions
in this space? I believe that traditional encrypted databags have always
used symmetric-key algorithms, but then that has the problem of having to
securely store and distribute everywhere the same key for decryption that was
used for encryption (e.g., 3DES, IDEA, AES).

What about using RSA instead? Or maybe doing at least key exchange with
public-key algorithms, so maybe using Diffie-Hellman for that?

Thanks!

--
Brad Knowles
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
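
Added example, not part of the original message and not Chef's encrypted data bag format: a sketch of the hybrid approach the question points toward, where the item is encrypted once with a random AES-256-GCM key and that key is wrapped under each node's RSA public key, so no shared decryption secret has to be distributed. The function names `seal_item` and `open_item`, the item layout and the node names are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt the secret once under a random AES-256-GCM data key, then wrap that
# data key separately under each recipient's RSA public key.
# recipients: { node_name => RSA public key } (node names are hypothetical)
def seal_item(plaintext, recipients)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  data_key = cipher.random_key # generated per item, never stored in the clear
  iv = cipher.random_iv
  cipher.auth_data = ''
  data = cipher.update(plaintext) + cipher.final
  {
    'iv'   => Base64.strict_encode64(iv),
    'tag'  => Base64.strict_encode64(cipher.auth_tag),
    'data' => Base64.strict_encode64(data),
    'keys' => recipients.transform_values do |pub|
      Base64.strict_encode64(pub.public_encrypt(data_key, OAEP))
    end
  }
end

# Returns the plaintext, or nil if no data key was wrapped for this node.
# Raises OpenSSL::Cipher::CipherError if the stored item was modified.
def open_item(item, node_name, private_key)
  wrapped = item['keys'][node_name]
  return nil unless wrapped
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = private_key.private_decrypt(Base64.strict_decode64(wrapped), OAEP)
  cipher.iv = Base64.strict_decode64(item['iv'])
  cipher.auth_tag = Base64.strict_decode64(item['tag'])
  cipher.auth_data = ''
  cipher.update(Base64.strict_decode64(item['data'])) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: throwaway key pairs for two hypothetical nodes.
  web = OpenSSL::PKey::RSA.new(2048)
  db  = OpenSSL::PKey::RSA.new(2048)
  item = seal_item('db_password=constructed-sample', { 'web01' => web.public_key })
  puts JSON.pretty_generate(item)         # what would be stored centrally
  puts open_item(item, 'web01', web)      # recipient recovers the secret
  puts open_item(item, 'db01', db).inspect # non-recipient gets nil
end
```

Only public keys are needed to write an item; each private key stays on its own node, and granting or revoking a node means re-wrapping (and, for revocation, rotating) the data key.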