Quick background to this question:
I'm working on a web application that will need to encrypt/decrypt data. I'm fully aware of what the issues are with storing private keys on a web server but in this instance there's no alternative so I came up with the following 'scheme':
1. encrypt the data with a symmetric key
2. encrypt the symmetric key with a public/private key pair
3. encrypt the private key with a passphrase
I've since found out that this is how Weave works so I took this as a sign that if Mozilla can do this kind of thing then so can I
My questions are:
1. Can I use GnuPG's in-built functions to create a secure keychain or do I really need a dedicated app?
2. When SSL certificates are installed on Un*x/Linux servers, how are they secured?
3. Once someone's entered the correct passphrase once, is there a sensible way to re-authenticate the decryption process without keeping the passphrase in memory somewhere?
Thanks in advance,
Mecha Godzilla