Managing private keys is a crucial function of the public key infrastructure. Private keys must be securely generated, delivered to their owners, and stored. If attackers can obtain private keys, public key security is defeated. Anyone who can illicitly obtain a private key can impersonate the authorized owner of the private key during online public key cryptography operations. Depending on the security functions provided by the legitimate use of the private key, a compromised private key can be used to damage network resources, steal valuable information, and even damage reputations.
For example, if you control access to a secure Web site based on authentication certificates, someone with a copy of a private key can gain access to confidential information intended for the authorized user of the private key. If you grant the owners of private keys read/write permission on your Web site, an imposter with a copy of a private key can destroy or modify files on the Web site.
In addition, someone with an illicit copy of your private key for secure mail, can send counterfeit mail on your behalf. Likewise, someone with an illicit copy of your organization's private key for software publishing can sign a malicious program and present it on the Internet as your software to mislead others into trusting and running the malicious program.
Security for Private Keys
Only the owner of a private key must have possession of the key or use the key. Therefore, a public key infrastructure must store private keys in a protected place that is inaccessible to others, and no other copies of the key should normally exist. Public key infrastructures, including the Windows 2000 public key infrastructure, commonly manage private keys with secure interfaces and keep them in protected stores to ensure the ongoing confidentiality of private keys.
Key management technology can be software-based or hardware-based. In general, hardware-based key management provides greater security. For example, cryptosystems that store and manage keys on physical tokens such as smart cards usually provide higher security for keys than cryptosystems that manage and store keys with software.
Sometimes a key recovery database or archive is used to securely store copies of nonsigning private keys that are used by security technologies such as S/MIME and EFS to encrypt persistent data. For S/MIME and EFS, a user's public key encrypts and protects the secret symmetric key that was used to encrypt bulk data. The user's private key must be used to decrypt the bulk encryption key, so that it can be used to decrypt the data. If the private key is lost or damaged and a key recovery database exists, a copy of the private key can be retrieved from a protected store for decrypting the symmetric key and recover encrypted data.
Private keys that are used for digital signing and authentication must never be stored in a key recovery database or archive. Someone other than the legitimate key owner might be able to gain access to the duplicate and impersonate the owner. The mere existence of a copy of a signing key compromises the authentication, integrity, or nonrepudiation provided by the key.
When recovery databases are properly used, only trusted administrators are allowed to use the database and restore keys to their owners. To prevent key compromise, the confidentiality of private keys must be maintained at all times during the key and data recovery processes.
In addition, some public key infrastructures or public key products might include a key escrow system that allows others besides the owners of private keys to access and use the keys. In a key escrow system, a third party holds copies of the private keys. Key escrow systems are sometimes required to obtain a cryptography export license. Key escrow systems are most commonly used when it is necessary for government officials to obtain the private keys that have been used to encrypt information.
Windows 2000 does not provide any key recovery or escrow services; however, some Microsoft or third-party products might support key recovery or key escrow services. For example, Microsoft Exchange Server provides key recovery services for secure mail so you can recover encrypted data if private keys are lost or damaged. Windows 2000, however, does support exporting nonsigning private keys that are used for technologies such as S/MIME and EFS, so you can manually archive keys and use them for data recovery. Such exported keys are stored in a password-protected encrypted format.