key storage

Ajay abra9823 at
Fri Aug 27 03:12:19 CEST 2004

i am building a web application. for client authentication, i am using
cookies which include the HMAC of the data.
the server also has a public/private key pair for signing and verifying
my question is how should these be stored on the server? encryption is
the best solution, but if i encrypt them with another key, the question is
where does this key get stored?
i am using SunOS. the problem is i dont have access to the webserver. my
web applications consists of a number of python scripts that allow you to
create user models.
Thus there is no application start or end and all state (including keys
used) must be stored in files which are read when a request is made.
if i could actually configure the server (or if i had written my own server
app) i could make it read a set of keys (or a passphrase) from a file
(stored on removable media) at startup and use those. the media itself
could be removed.
But i cant really do that with a whole lot of cgi scripts, can i?
since the webserver is an apache, i think i should look at what features it
offers in such a situation - i was hoping someone would have come across
this problem before and solved it

Ajay Brar,

This message was sent using IMP, the Internet Messaging Program.

More information about the Python-list mailing list