Sleep deprivation

Thursday, June 2nd, 2005

I'm starting to really appreciate moments of sleep deprivation, at least when I'm in the office. Though I'm not particularly focused on a project or any development today, I've spent some time shoring up my skills in applied asymmetric cryptography.

I've been considering the subject ever since the conference I attended in Montréal. I sat in on a talk regarding various encryption methodologies, and a common need that came up and that the speaker couldn't seem to answer was that of storing sensitive data in outer-tier servers. You can encrypt them easily enough, and plenty of people were doing that (as I was in an application I worked on), but ultimately, a server compromise gives the intruder both the encrypted data and the key with which to decrypt it. And that's kind of silly.

So rather than going through all that, I came up with a proof of concept that just uses an RSA public/private key to do a one-way encryption of the data on the outside server. Within the DMZ where no security breach should ever allow a person to reach, a secondary service runs that fetches the data, decrypts it with the well-protected private RSA key, and then does the bidding that the outside server would've done before.
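A sketch of the split described above, added here as an illustration and not the author's proof of concept: the outer server holds only the public key and seals each record, and the inner service holds the private key and opens it. It goes one step beyond the post by wrapping a per-record AES-256-GCM key with RSA-OAEP, so records larger than one RSA block can be sealed; the function names and the sample record are assumptions.

```javascript
// Added example; sealRecord/openRecord and the sample record are constructed names.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Outer tier: has ONLY the public key, so nothing stored here can be
// decrypted here. A fresh AES key per record is wrapped with RSA-OAEP.
function sealRecord(publicKeyPem, plaintext) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey);
  dataKey.fill(0); // best-effort wipe of the per-record key
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Inner service: the only holder of the private key. It fetches sealed
// records, unwraps the AES key, and verifies the GCM tag while decrypting.
function openRecord(privateKeyPem, envelope) {
  const wrapped = Buffer.from(envelope.wrappedKey, 'base64');
  const dataKey = nodeCrypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, wrapped);
  const iv = Buffer.from(envelope.iv, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, iv);
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  const body = decipher.update(Buffer.from(envelope.ciphertext, 'base64'));
  // final() throws if the record was modified while it sat on the outer tier
  return Buffer.concat([body, decipher.final()]).toString('utf8');
}

// Round trip with a throwaway key pair and a constructed record.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const record = 'account=constructed-sample-0001;note=sensitive';
  const stored = sealRecord(publicKey, record);
  return { publicKey, record, stored, opened: openRecord(privateKey, stored) };
}
```

In a real deployment the key pair is generated on the inner side and only the public PEM is ever copied outward.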

Of course, now that I've figured out how to do it, I don't really care so much about actually fixing the problem. Meh.

Posted at 2:16 PM
