I recently inherited an in-house built key storage system. The company stores credit card data in two database servers which are AES encrypted. The keys reside in a separate system that is located in its own DMZ. When a web server needs to encrypt some data, it calls the key server via HTTPS and requests a key. The key server returns a key and an encoded serial number. The app server stores the encrypted info and the serial number, then discards the key. When data needs to be decrypted, the serial number is sent to the key server, which returns the key that was used for that record.
The fellow who developed this did not use key pools. Every key is a unique random value. The key database is encrypted using a key generated from 2 passwords provided by 2 custodians. From what I am seeing, even if you got hold of the keys, you would have to be able to decode the serial numbers to be able to use them, and then each key would only be good for one record. He even wrote a PHP extension in C that has the encoding/decoding functions.
This seems to be a pretty good design. Does anyone have any experience with this type of thing who can give an opinion on this method and any possible holes or improvements?
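A minimal model of the key server flow described in the post above, added here as an illustration and not the original system's code. The post does not say how the serial number is encoded or how the two passwords are combined, so the HMAC-tagged token, the PBKDF2 parameters, and every name below are assumptions.

```python
import base64, hashlib, hmac, secrets, struct

class KeyServer:
    """In-memory model of the key server flow (illustrative, not the real system)."""

    def __init__(self, custodian_a: str, custodian_b: str, salt: bytes):
        # Both custodian passwords are required to derive the master secret.
        joined = custodian_a.encode() + b"\x00" + custodian_b.encode()
        master = hashlib.pbkdf2_hmac("sha256", joined, salt, 200_000)
        # Assumption: a subkey of the master secret authenticates serial tokens.
        self._token_key = hmac.new(master, b"serial-token", hashlib.sha256).digest()
        self._keys = {}  # serial -> data key; the real key database is encrypted at rest
        self._next_serial = 1

    def issue(self):
        """Create a unique random 256-bit key for one record; return (key, token)."""
        serial, self._next_serial = self._next_serial, self._next_serial + 1
        key = secrets.token_bytes(32)
        self._keys[serial] = key
        return key, self._encode(serial)

    def lookup(self, token: str) -> bytes:
        """Return the key for a record, rejecting forged or altered tokens."""
        return self._keys[self._decode(token)]

    def _tag(self, body: bytes) -> bytes:
        return hmac.new(self._token_key, body, hashlib.sha256).digest()[:16]

    def _encode(self, serial: int) -> str:
        body = struct.pack(">Q", serial)
        return base64.urlsafe_b64encode(body + self._tag(body)).decode()

    def _decode(self, token: str) -> int:
        raw = base64.urlsafe_b64decode(token.encode())  # ValueError if malformed
        if len(raw) != 24 or not hmac.compare_digest(raw[8:], self._tag(raw[:8])):
            raise ValueError("invalid serial token")
        return struct.unpack(">Q", raw[:8])[0]

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ks = KeyServer("constructed-pass-1", "constructed-pass-2", b"constructed-salt")
    key, token = ks.issue()         # app encrypts the record with key, stores token
    assert ks.lookup(token) == key  # later: the token alone retrieves the same key
    print("token stored beside ciphertext:", token)
```

In this model the token only proves that the key server issued the serial; any caller that can reach `lookup` with a stored token gets the key, so the access control on the HTTPS endpoint carries the protection.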