pp108 : Protection of Key Store and Trust Store

Protection of Key Store and Trust Store

This topic describes how the key store and the trust store of the Process Platform Monitor processes are protected.

Protecting the key store and trust store is important because they are used in authentication processes and contain private keys.

The key store and trust store are stored in LDAP, in the service group configuration. To prevent them from being stolen, they are encrypted with a shared key. This shared key is used by all Monitor processes of a distributed system.

To protect the shared key, it is encrypted with the public certificate of the Monitor and stored in the service group configuration of the Monitor. It can only be decrypted with the private key of the Monitor.

Only someone with access to the hard disk of the machine can access the private key of the Monitor. This can be made more secure by using the file-based protection available in every operating system.

This infrastructure of shared key, private and public keys, and certificates is set up during installation of Process Platform.
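The layering described above, as an added example written in Go with only the standard library (not Process Platform's own code): the store bytes are sealed under a shared key, the shared key is wrapped with the Monitor's public key, and only the matching private key can unwrap it. The function names, the AES-256-GCM and RSA-OAEP choices, and treating both stores as one blob are assumptions made for the example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)
// newGCM turns the shared key into the AES-256-GCM cipher that protects the stores.
func newGCM(sharedKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// ProtectStores seals the store bytes under a fresh 256-bit shared key (nonce prefixed) and
// wraps that key with the Monitor's public key; the returned pair models what is written
// to the service group configuration (assumed layout, not the product's real schema).
func ProtectStores(monitorPub *rsa.PublicKey, stores []byte) (sealed, wrappedKey []byte, err error) {
	buf := make([]byte, 32+12) // shared key followed by a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	sharedKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(sharedKey)
	if err != nil {
		return nil, nil, err
	}
	if wrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, monitorPub, sharedKey, nil); err != nil {
		return nil, nil, err
	}
	return gcm.Seal(nonce, nonce, stores, nil), wrappedKey, nil
}
// RecoverStores unwraps the shared key with the Monitor's private key, then opens the stores;
// a Monitor holding a non-matching private key fails at the unwrap step, a tampered blob at Open.
func RecoverStores(monitorPriv *rsa.PrivateKey, sealed, wrappedKey []byte) ([]byte, error) {
	sharedKey, err := rsa.DecryptOAEP(sha256.New(), nil, monitorPriv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sharedKey)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed store too short")
}
```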


Related information

Authentication Plugins
Managing Service Group Trust Relation
Managing Certificates