Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why shouldn't a private key be stored verbatim or in plain text on the local computer?

I was reading this:

http://msdn.microsoft.com/en-us/library/tswxhw92(VS.80).aspx

The first sentence says: "Asymmetric private keys should never be stored verbatim or in plain text on the local computer."

What's the problem with this? And how does a key container solve it.

The reason I'm asking is that I want to generate an asymmetric key pair. The application I'm writing will encrypt information it sends back to me with the public key. I was thinking of storing the public/private key pair in our source control system so that it gets backed up. Shouldn't I be doing that? If not, how should I store the private key so that it can be reliably backed up?

Thanks. -scott

Update: Does 'never' in the quoted sentence really mean never. Or does it mean I shouldn't be storing keys to source control unless I'm not prepared to take the risk that a hacker could potentially retrieve the keys from our source control system or from a backup taken from it.

like image 539
Scott Langham Avatar asked Jun 15 '09 10:06

Scott Langham


3 Answers

Yes, the "never" in the quoted sentence really does mean never.

If the key is stored in plaintext, then anyone with access to that file can read or duplicate your key, then use it to impersonate you. If you display that file on-screen for whatever reason (looking up the key, open the wrong file, editing other information in the file, etc.), then anyone walking past can see it, potentially memorize it, and use it to impersonate you.

A private crypto key is a non-shared secret. If you don't keep it non-shared and secret, it can't do its job properly.

like image 64
Dave Sherohman Avatar answered Oct 23 '22 14:10

Dave Sherohman


A common solution is to encrypt private keys in the keychain e.g. by using some password-based encryption scheme.

The private key is needed in order to decrypt bits encrypted with the public key, and vice versa. Since the public key is public by definition, you want to keep its private counterpart secret.

Especially when public key crypto is used for digital signatures, it's important to keep the private key secret. Being able to produce digital signatures that can be verified with your public key essentially proves that whoever made the signature had access to your private key.

If you can guarantee that no one but you, or software you trust, can access files on your computer, you don't need to encrypt your private keys. But these are tough assumptions to make.

like image 29
laalto Avatar answered Oct 23 '22 14:10

laalto


Because a malicious user can read your key, if he/she gets a hold of your files. Not sure, what the key container does, but I would guess that it encrypts the keys before writing them to a file.

like image 23
ynimous Avatar answered Oct 23 '22 13:10

ynimous