by Dentrax
1854 days ago
Actually, we store the passwords inside the PEM file itself, which is encrypted by TUF [0].

> If you can store the password securely can you not then also store the private keys securely?

You don't have to store the private keys securely. On the contrary, you can store your private keys publicly, if the decryption password is strong enough. If you want to decrypt keys in the pipeline, of course your decryption keys still need to be stored securely. Which is why I added some KMS providers in the use-case diagram. [1]

[0] https://github.com/theupdateframework/go-tuf/blob/master/enc...
[1] https://raw.githubusercontent.com/Dentrax/cocert/main/.res/u...