[Cryptography] Is storing a hash of a private key a security risk?

Ron Garret ron at flownet.com
Tue Apr 12 13:41:08 EDT 2016


On Apr 12, 2016, at 4:13 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> For private keys stored in a secure enclave in an embedded environment,
> there's some concern that over long periods of time the key components may be
> subject to bit rot/corruption.  One possible solution is to store a truncated
> hash of the private key components outside the enclave and use that to verify
> that nothing has changed, by asking the enclave whether the stored key
> corresponds to the given hash value.  Without going into a huge amount of
> detail on the specific application, it has to be a hash, it can't be a MAC or
> something similar, and the hash can't be stored inside the enclave because it
> only stores key components (it's a hardware constraint).
> 
> This is something that, on the one hand, seems to be not a good idea, but on
> the other hand I can't see any obvious problem that it would cause (you can
> use it to find out whether a given key is stored inside the enclave, but you
> can do that anyway without the hash because you need to identify the key to
> query the enclave whether the hash matches).
> 
> Can anyone see any problems with this?  Or suggest an alternative approach
> that doesn't violate the constraints imposed by the hardware?

Why not just sign an empty string and verify that the signature verifies against the public key?

rg
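
The check suggested in the reply, as an added example that is not part of the original message: sign a fixed empty message inside the enclave and verify it against the public key, so no hash of private material is kept outside. The toy key built from two Mersenne primes, the unpadded RSA, and the names `ToyEnclave`, `corrupt_bit` and `key_is_intact` are assumptions made for illustration and stand in for whatever algorithm and interface the real device uses.

```python
import hashlib

# Constructed toy RSA key for illustration only: two Mersenne primes and
# unpadded signing. Real keys use random primes and a padded scheme.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)
SELF_TEST_MESSAGE = b""  # the empty string suggested in the reply


def digest_as_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


class ToyEnclave:
    """Hypothetical stand-in for the enclave: it holds only key components."""

    def __init__(self, private_exponent: int, modulus: int):
        self._d = private_exponent
        self._n = modulus

    def sign(self, message: bytes) -> int:
        return pow(digest_as_int(message), self._d, self._n)

    def corrupt_bit(self, bit_index: int) -> None:
        """Simulate bit rot by flipping one stored bit of the private exponent."""
        self._d ^= 1 << bit_index


def key_is_intact(enclave: ToyEnclave, modulus: int, public_exponent: int) -> bool:
    """Sign the fixed message and verify it using the public key only.

    The reference value kept outside the enclave is the public key, which is
    public anyway, so nothing derived from the private key is exposed.
    """
    signature = enclave.sign(SELF_TEST_MESSAGE)
    return pow(signature, public_exponent, modulus) == digest_as_int(SELF_TEST_MESSAGE)


def demo() -> tuple:
    enclave = ToyEnclave(D, N)
    before = key_is_intact(enclave, N, E)  # healthy key: check passes
    enclave.corrupt_bit(137)               # constructed fault position
    after = key_is_intact(enclave, N, E)   # one flipped bit: check fails
    return before, after


if __name__ == "__main__":
    print(demo())
```

If the device computes RSA signatures with CRT, run the verification before the test signature leaves the device, because a signature produced from a corrupted CRT component can itself expose the key.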


