Home/ Questions/Q 6037359
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T06:03:42+00:00

I know there are a few topics about this, but I still would like

  • 0

I know there are a few topics about this, but I still would like to hear your opinion. I’m creating a website that is going to send some messages around the network. Those messages will be encrypted by a private/public-key encryption.

Now, since my server is going to send a lot of those messages, I’m going to need access to the private key a lot. This private key is currently located on the server as a file. However this is not something that is required.

Now, if no-one is able to enter my server, there is no problem at all. But what if someone gets access to my server? They can just take the private key file and my security is breached.

I’m not able to use a hardware solution for this problem.

What are my options?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If they have the key, and they know what to do with it (where & how it applies to your messages), then yes, you’re completely compromised. But, let’s face it, that’s always the case when someone has rooted your server.

    A better approach might be: How can I prevent common hacks, like a man-in-the-middle attack, from compromising security?

    I would say:

    1. Transmit the messages over SSL (If you’re using HTTP/HTTPS protocol).
    2. Obfuscate the code that provides the encode/decoding functionality. This will make your hash harder to decode if someone does get the key. If you’re not encoding the key and/or message on the server, and decoding on the client – that may be something to look into depending on your requirments
    3. On the network the messages are
      being transmitted, use a network
      tool to monitor traffic (i.e.
      snort). Intrusion detection could tell you when someone is up to something.

    Just a start…

    • 0