Why shouldn't a private key be stored verbatim or in plain text on the local computer?
https://stackoverflow.com/questions/995379
-
13-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I was reading this:
http://msdn.microsoft.com/en-us/library/tswxhw92(VS.80).aspx
The first sentence says: "Asymmetric private keys should never be stored verbatim or in plain text on the local computer."
What's the problem with this? And how does a key container solve it.
The reason I'm asking is that I want to generate an asymmetric key pair. The application I'm writing will encrypt information it sends back to me with the public key. I was thinking of storing the public/private key pair in our source control system so that it gets backed up. Shouldn't I be doing that? If not, how should I store the private key so that it can be reliably backed up?
Thanks. -scott
Update: Does 'never' in the quoted sentence really mean never. Or does it mean I shouldn't be storing keys to source control unless I'm not prepared to take the risk that a hacker could potentially retrieve the keys from our source control system or from a backup taken from it.
Solution
Yes, the "never" in the quoted sentence really does mean never.
If the key is stored in plaintext, then anyone with access to that file can read or duplicate your key, then use it to impersonate you. If you display that file on-screen for whatever reason (looking up the key, open the wrong file, editing other information in the file, etc.), then anyone walking past can see it, potentially memorize it, and use it to impersonate you.
A private crypto key is a non-shared secret. If you don't keep it non-shared and secret, it can't do its job properly.
OTHER TIPS
A common solution is to encrypt private keys in the keychain e.g. by using some password-based encryption scheme.
The private key is needed in order to decrypt bits encrypted with the public key, and vice versa. Since the public key is public by definition, you want to keep its private counterpart secret.
Especially when public key crypto is used for digital signatures, it's important to keep the private key secret. Being able to produce digital signatures that can be verified with your public key essentially proves that whoever made the signature had access to your private key.
If you can guarantee that no one but you, or software you trust, can access files on your computer, you don't need to encrypt your private keys. But these are tough assumptions to make.
Because a malicious user can read your key, if he/she gets a hold of your files. Not sure, what the key container does, but I would guess that it encrypts the keys before writing them to a file.
