Best practices/HOWTO for key storage in small office/home office setting?

Trei, Peter ptrei at rsasecurity.com
Mon Oct 1 11:19:00 EDT 2001


> Greg Broiles[SMTP:gbroiles at well.com] wrote
> 
> Are list members aware of any helpful resources describing best practices 
> or HOWTOs for protecting cryptographic keys in a small office/home office 
> setting?
> 
> I'm aware of the following approaches, given the assumption that good 
> physical security is unavailable -
> 
> 1.      Store keys & etc on hard disk inside a laptop which is kept in a 
> safe or similar when not in use
> 2.      Store keys & etc on -
>          a.      hard disk in removable carrier
>          b.      3.5" floppy/CD/CD-R[W]/Zip disk
>          c.      PCMCIA hard disk
>          d.      PCMCIA memory
>          e.      Compact Flash hard disk
>          f.      Compact Flash memory
>          g.      Storage-only smartcard
>          .. each of which are stored in safe when not in use
> 3.      Generate & use keys on crypto smartcard (like Schlumberger's 
> Cryptoflex) which is stored in safe when not in use
> 4.      Generate & use keys in dedicated crypto processor board
> 5.      Generate & store or generate & use keys stored across network in 
> encrypted form
> 
[..]

I'd say you need to define your threat model a bit....

If you're worried about losing access to your key
accidentally, encrypt it with a strong passphrase
you are unlikely to forget and store multiple
copies - send it to a mailing list with persistent
archives (I hope you don't use cpunks :-), or even
print it in hex and store paper copies in various 
places. If you're in dire straits you can always type
it in.

If you're worried about someone else accessing
the key, something like 3 is probably best (look
into my company's Keon product), but I'd consider
keeping the card with your person when not in use. 
Smartcards are usually PIN or password protected,
and an adversary who can get it off of you, but not
out of the safe, is unlikely to be able to use it without
your cooperation - and at least you know it's been
compromised.

I'd also worry a lot about disk remanence on whatever
system makes use of the keys - hopefully
you're running with an encrypted fs. Solution 1 might
work too, if you trust the safe.

Peter Trei
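
An added illustration, not part of the original post: a paper-backup layout for the "print it in hex ... type it in" suggestion, with a CRC-32 per line and a closing SHA-256 so a retyping mistake is pinned to one line. The line layout and function names are assumptions of this example, and the input is assumed to be a key file that is already encrypted under a passphrase.

```python
import binascii
import hashlib

BYTES_PER_LINE = 16
SAMPLE_BLOB = bytes(range(40))  # constructed stand-in for an encrypted key file

def _crc(n: int, chunk: bytes) -> str:
    # CRC covers the line number too, so swapped or skipped lines are caught.
    return format(binascii.crc32(n.to_bytes(2, "big") + chunk) & 0xFFFFFFFF, "08x")

def to_paper(blob: bytes) -> str:
    """Render an already-encrypted key blob as numbered hex lines for printing."""
    lines = []
    for i in range(0, len(blob), BYTES_PER_LINE):
        chunk, n = blob[i:i + BYTES_PER_LINE], i // BYTES_PER_LINE + 1
        groups = " ".join(chunk[j:j + 2].hex() for j in range(0, len(chunk), 2))
        lines.append(f"{n:03d}: {groups} | {_crc(n, chunk)}")
    lines.append(f"END {len(blob)} sha256 {hashlib.sha256(blob).hexdigest()}")
    return "\n".join(lines)

def from_paper(text: str) -> bytes:
    """Rebuild the blob from retyped text; ValueError names the line to recheck."""
    blob, expected, trailer = bytearray(), 1, None
    for raw in text.strip().splitlines():
        line = raw.strip().lower()
        if not line:
            continue
        if line.startswith("end"):
            trailer = line.split()
            break
        head, _, rest = line.partition(":")
        data, _, crc = rest.partition("|")
        try:
            n, chunk = int(head), bytes.fromhex(data.replace(" ", ""))
        except ValueError:
            raise ValueError(f"line {expected}: not valid hex") from None
        if n != expected:
            raise ValueError(f"line {expected}: missing or out of order")
        if crc.strip() != _crc(n, chunk):
            raise ValueError(f"line {n}: checksum mismatch, retype this line")
        blob += chunk
        expected += 1
    if trailer is None or len(trailer) != 4:
        raise ValueError("missing END trailer")
    if int(trailer[1]) != len(blob) or trailer[3] != hashlib.sha256(blob).hexdigest():
        raise ValueError("length or SHA-256 mismatch")
    return bytes(blob)
```

The checksums only catch transcription errors; confidentiality of the printed copy still rests entirely on the passphrase used to encrypt the key.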




---------------------------------------------------------------------
The Cryptography Mailing List