"david.lloyd(a)jboss.com" wrote : But then, of course, the client servers need a password or key to access the central key server, which then brings you back to the original problem... Of course, it boils down to safeguarding private keys. I have not looked at solutions here (TPM, HSM etc). :) I was wondering why there was a need to inject DH Key Agreement internals as POJO, then seeing that you are planning to do SSH implementation - it made sense. One other area, where it makes sense is the implementation of WS-SX (Web Service Security Conversation). View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4204058#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...