Secure Storage of Private Keys

The security of private keys is crucial for public key cryptosystems. Anyone who can obtain a private key can use it to impersonate the rightful owner during all communications and transactions on intranets or on the Internet. Therefore, private keys must be in the possession only of authorized users, and they must be protected from unauthorized use.

For software-based public key cryptography, cryptography operations occur in the computers operating system memory. Attackers might be able to force buffer overflows or memory dumps to obtain private keys. Even if a private key is protected by encryption while it is in memory, obtaining the protected key is the first step in a potential attack to discover what the key is. Hardware-based cryptography is inherently more secure than software-based cryptography.

In addition, many cryptosystems also store private keys on local hard disks. An attacker with access to a computer might use low-level disk utilities to locate encrypted private keys on the hard disk and perform cryptanalysis to decipher the key. In general, the risk of attacks on private keys is much lower when keys are stored on tamper resistant hardware devices such as smart cards.

In general, you can provide more security for private keys by doing the following:

  • Provide physical and network security for computers and devices where private keys are generated and stored. For example, you can store servers used for CAs or secure Web communications in locked data centers and configure network and computer security features to minimize the risks of attacks.

  • Use hardware-based cryptography devices to store private keys. Private keys are stored on tamper-resistant hardware rather than on the computer's hard disk drive. All cryptography takes place in the crypto-hardware, so private keys are never revealed to the operating system or cached in memory.

You generally provide the highest security for private keys where the compromise of the key would cause the most potential damage. For example, you might provide the highest security for your organization's CA keys and Internet software publishing (code signing) keys. You might also require smart cards for private keys that control access to valuable Web resources or that secure valuable e-mail communications.