On Wed, Apr 23, 2014 at 08:32:57PM +0200, Aleksandar L. wrote:
Full ack ;-/
I also agree that this is a very hard task.
So the question is: why do you need it?
If you want to get a specific certificate for some standars.
Well, that’s not about security either, and completely
I’ve seen “certifications” requiring to use software with known
remote code execution vulnerabilities, and I’m quite sceptical
about doing something just because of certification requirements,
without understanding the reasons behind them (if any).
Anyway, if you know a standard which requires storing of
keys in password-protected forms only - please point it out.
Employ at least one of these to authenticate all users: password or
passphrase; or two-factor
authentication (e.g., token devices, smart cards, biometrics, public keys).
This doesn’t look related at all. It’s about authentication of
users, not about storage of private keys.