Welcome to the Internet, here's your private key

Trei, Peter ptrei at rsasecurity.com
Mon Feb 4 11:13:10 EST 2002


One other scheme I've seen, and which, while it doesn't give me
warm fuzzies, seems reasonable, is to issue the end user a
smartcard with a keypair on it. The SC generates
the pair onboard, and exports only the public half. The private
half never leaves the SC (there is no function on the card to
export it).

If you trust the above, then the only copy of the private key
is on the SC, despite it having been generated without the
end user's participation.

Peter

> ----------
> From: 	Jaap-Henk Hoepman[SMTP:hoepman at cs.utwente.nl]
> Sent: 	Monday, February 04, 2002 8:45 AM
> To: 	cryptography at wasabisystems.com
> Subject: 	Re: Welcome to the Internet, here's your private key
> 
> 
> It's worse: it's even accepted practice among certain security specialists.
> One of them involved in the development of a CA service once told me that
> they intended the CA to generate the key pair. After regaining consciousness
> I asked him why he thought violating one of the main principles of public
> key cryptography was a good idea. His answer basically ran as follows: if
> the CA is going to be liable, they want to be sure the key is strong and not
> compromised. He said that the PC platform of an ordinary user simply wasn't
> secure/trusted enough to generate keys on. The system might not generate
> `good enough' randomness, or might have been compromised by a trojan.
> 
> Jaap-Henk
> 
> On Sun, 3 Feb 2002 15:09:57 +0100  pgut001 at cs.auckland.ac.nz writes:
> > It is accepted practice among security people that you generate your own
> > private key.  It is also, unfortunately, accepted practice among
> > non-security people that your CA generates your private key for you and
> > then mails it to you as a PKCS #12 file (for bonus points the password is
> > often included in the same or another email).  Requests to have the client
> > generate the key themselves and submit the public portion for
> > certification are met with bafflement, outright refusal, or at best
> > grudging acceptance if they're big enough to have some clout.  This isn't
> > a one-off exception, this is more or less the norm for private industry
> > working with established (rather than internal, roll-your-own) CAs.  This
> > isn't the outcome of pressure from shadowy government agencies, this is
> > just how things are done.  Be afraid.
> > 
> 
> -- 
> Jaap-Henk Hoepman             | Come sail your ships around me
> Dept. of Computer Science     | And burn your bridges down
> University of Twente          |       Nick Cave - "Ship Song"
> Email: hoepman at cs.utwente.nl === WWW: www.cs.utwente.nl/~hoepman
> Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
> PGP ID: 0xF52E26DD  Fingerprint: 1AED DDEB C7F1 DBB3  0556 4732 4217 ABEF
> 
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at wasabisystems.com
> 
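
The flow the quoted messages call accepted practice among security people (the client generates its own key pair and submits only the public portion for certification), as an added example that is not part of the original thread. It uses the OpenSSL command line; the throwaway CA, subject names, file names and the check that refuses private key material are constructed assumptions.

```shell
#!/bin/sh
# Added example. All names, subjects and files are constructed for illustration.
umask 077   # key files created below are readable only by their owner

new_ec_key() {   # $1 = output path
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$1" 2>/dev/null
}

# Throwaway self-signed CA standing in for the certifying party.
ca_setup() {     # $1 = work dir
    new_ec_key "$1/ca.key" &&
    openssl req -x509 -new -key "$1/ca.key" -subj "/CN=Constructed Demo CA" \
        -days 1 -out "$1/ca.crt"
}

# End user: the key pair is generated locally and only the request is sent.
client_enroll() {
    new_ec_key "$1/client.key" &&
    openssl req -new -key "$1/client.key" -subj "/CN=constructed-user" \
        -out "$1/client.csr"
}

# CA: refuse anything carrying private key material, require a valid
# self-signature (proof that the requester holds the private half), then sign.
ca_issue() {
    if grep -q "PRIVATE KEY" "$1/client.csr"; then return 1; fi
    openssl req -in "$1/client.csr" -noout -verify 2>&1 |
        grep -qi "verify ok" || return 1
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/client.crt" 2>/dev/null
}

# The certified public key must be the one derived from the local private key.
key_matches_cert() {
    want=$(openssl pkey -in "$1/client.key" -pubout) || return 1
    got=$(openssl x509 -in "$1/client.crt" -noout -pubkey) || return 1
    [ -n "$want" ] && [ "$want" = "$got" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    ca_setup "$dir" && client_enroll "$dir" && ca_issue "$dir" &&
        key_matches_cert "$dir"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "certificate issued from the CSR; the CA step never read client.key"
```

The CA functions only ever open `client.csr`, `ca.crt` and `ca.key`, which is the property the PKCS #12-by-mail practice gives up.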
