[BBLISA] Systems for Organizing Shared Secrets

K. M. Peterson KMP at KMPeterson.COM
Mon Mar 24 11:06:14 EDT 2014


Hi Neil,

I spoke at our lightning talks night last year on an implementation of SSSS - Shamir's Secret Sharing Scheme, which allows one to generate an encrypted object and n keys such that some number of those n keys are sufficient to recover the plaintext.

The slide and a link to video are at http://kmpeterson.com/special/bblisa-lightning13/ .

There's an open-source project called OpenCA that's a possible answer to the second part of your question.  I had considered implementing it at one point, but realized that I didn't need enough of the functionality to justify the investment.  I'm not certain how active the project still is at this point.

_KMP

On 24 Mar 2014, at 10:49 , Neil Schelly <neil at jenandneil.com> wrote:

> I'm curious what experience others have with systems for sharing
> secure secrets in their orgs. We've got collections of private keys
> for SSL certificates, SSH authentication sessions, AWS credentials,
> and more.  They aren't all managed in a consistent fashion, which
> means we've got different backup strategies and authentication
> necessary to get to all of them, and of course none of it is as clean
> as we'd like.
> 
> Does anyone here have any experience with systems that make it easy to
> keep secrets hidden while still allowing access to those who need it?
> I'd love a system that can turn into something to create and sign SSL
> keys via a self-service interface too, down the road, but I'm mostly
> trying to create an easy enough alternative to putting sensitive keys
> into code repositories when they don't know any better.  It's hard to
> tell people not to do that when the safe options really aren't very
> good or very user friendly.
> 
> Thanks for any pointers!
> -Neil



K. M. Peterson, Boston                                      http://kmpeterson.com/resume
40 Stanton Road                                             Contact information, calendar,
Brookline, MA  02445-6839                                   LinkedIn, Twitter, IM, Skype:   
Phone: +1 617 731 6177                                      http://kmpeterson.com/contact



