Best practices for securing a private key for encryption system

R

robi

List,

Can anyone point me to best practices (web links or books) for secure
key storage and management of a private key for a symmetric encryption
system? I have a project I am working on where I need to store the
private key on a machine and reduce the risks of the key being exposed
to people like system administrators and the customer does not want to
use a commercial hardware based system.

Thanks,

Robi
 
O

Oliver Wong

robi said:
List,

Can anyone point me to best practices (web links or books) for secure
key storage and management of a private key for a symmetric encryption
system? I have a project I am working on where I need to store the
private key on a machine and reduce the risks of the key being exposed
to people like system administrators and the customer does not want to
use a commercial hardware based system.

On almost OSes I know of, the system administrator can access all files.
So if I understand your requirements correctly, you may be out of luck.

- Oliver
 
R

robi

Well it depends on the privileges you assign doesn't it :) I have
worked in several places where they have different system
administrators that have different privileges on different boxes as
well as the point here is you can encrypt a key or password so that a
administrator can not convert it to plain text.
What I am looking for is something like a product that allows you to
store encrypted keys in a keystore and manages the encryption and
decryption of the keys behind the scenes so you do not risk exposing
the key to people who may do maintenance on the system. I know RSA's
Bsafe allows this but I am looking to see if anyone on the list has
used other products, open source tools, etc. Specifically software
tools in that the client does not want to use a hardware dongle based
system.
 
C

Chris Smith

robi said:
Well it depends on the privileges you assign doesn't it :) I have
worked in several places where they have different system
administrators that have different privileges on different boxes as
well as the point here is you can encrypt a key or password so that a
administrator can not convert it to plain text.
What I am looking for is something like a product that allows you to
store encrypted keys in a keystore and manages the encryption and
decryption of the keys behind the scenes so you do not risk exposing
the key to people who may do maintenance on the system. I know RSA's
Bsafe allows this but I am looking to see if anyone on the list has
used other products, open source tools, etc. Specifically software
tools in that the client does not want to use a hardware dongle based
system.

You can, of course, encrypt things. In general, there are two
possibilities:

1. You eventually need to recover the original. In this case, you need
to have some software installed on the system somewhere that contains
the encryption key. This is the weakness in your security.

2. You don't need to recover the original. For example, UNIX password
files work this way; instead of decrypting passwords, the login software
encrypts the candidate, and compares the encrypted forms. If you can
pull a trick like this, then you're in better shape, but it's worth
noting that you're still not entirely safe, especially if the data is
predictable or short. If someone can obtain a copy of the encrypted
data, then breaking the system becomes possible by simply testing
guesses. For this reason, modern UNIX operating systems do not make
their password files world-readable as they once did.

If you're just trying to make this HARD, then it's possible. If you're
trying to make it impossible, then you've got problems.

You originally mentioned a private key store. Here's how that's
generally done. First, you create the key store itself in some
unencrypted binary format. Then you ask the user for a password. You
munge the password with some non-reversible encryption scheme such as
that used for UNIX passwords, which doesn't require a key. Then you use
THAT as the key for a reversible encryption scheme, and encrypt the
keystore. To recover the keystore, you ask the user for their password
again, munge it the same way you did before, and then use that key to
decrypt the keystore.

That has the advantage of scheme 2 above, in that there's a non-
reversible (by which is meant that it's computationally hard to reverse
it) step, so you don't need to store the password anywhere on the
system. Additional gains can be made by designing a dense enough binary
format that something reasonable -- as opposed to an obvious failure --
comes back from trying to decrypt the keystore using the wrong password.
Incidentally, the java.security package contains APIs that implement all
of this and use it to manage a keystore.

Then, after you've gone to all this effort to protect the keystore,
someone will enter the keystore password into a plain text file such as
Tomcat's server.xml and thus break the whole thing.
 
R

robi

Chris,
Thanks I understand all this. I am looking for links or books on best
practices. Do you have some resources to point me to? Please do not
point me to SUN JCE documentation. I am very familar with it.


"> noting that you're still not entirely safe, especially if the data
is
predictable or short. If someone can obtain a copy of the encrypted
data, then breaking the system becomes possible by simply testing
guesses. For this reason, modern UNIX operating systems do not make
their password files world-readable as they once did."

Also.. isnt this the point of using padding and blocks so that your
data is not exposed to this sort of attack? These things are usally
dealt with by the algorithim and the process for encryption (i.e. using
a salt or seed, padding, chaining, etc).
 
C

Chris Smith

robi said:
Thanks I understand all this. I am looking for links or books on best
practices.

Sorry, I don't have anything off-hand. I'd start out by suggesting,
though, that the best practice would be to use the existing APIs rather
than trying to implement your own private key store.
 
R

robi

Chris,

Yes I understand that. I have use Bouncey Castle and Sun JCE to create
a key store. What I am looking for is best practices that people have
used, implemented, etc as well as specific sources such as the fine
Java/J2EE Core Security Patterns which covers some of this. I dont
know if you have read that but it has some good stuff.

Thanks for your suggestions.

Cheers,

Robi
 
D

dimitar

One possible solution would be to use strong authentication, requiring a
physical token like fingerprint or USB drive containing a 10k random
noise file as a password. For even stronger security, you can combine
the physical token with a password.
 
R

robi

Good points and I have done alot of PIV stuff with smart cards and
dongels/usb drives in the past but in this case the client does not
want to use hardware. Also I am specifically looking for links, books,
and other resources on best practices. Do you have any resources on
best practices you could point me to?
Thanks,
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,708
Messages
2,569,347
Members
44,653
Latest member
Angus30T19

Latest Threads

Top