How to Protect Your Private Key

In the world of Certificate Authorities (CAs) and digital signatures, questions remain about who gave the CAs the authority to authorize certificates. And even when a certificate has been granted, how should we treat a private key that is suspected of not having come from the authorized owner?

For digital signature trust relationships to work, you have to be able to protect your private key. You could keep your private key in a digital safe or build a digital fortress around it. But how do you protect the passwords that allow entry past your digital sentries into that safe or fortress?

What if you keep your private key on a thumb drive or a smart card with memory? Then you have to protect against loss or theft of those devices. But what if they are stolen, and someone is able to locate and use your private key to send out malicious messages or even to promote illegal activities? How can you be protected?

The answer is the term “non-repudiation”. The term originated in the academic world of cryptography, from which terms such as “trusted” have also been borrowed and applied to digital cryptography. Non-repudiation means that the digital signature algorithm cannot be broken and, therefore, cannot be used to forge your signature. There are actual digital signature laws which state that if your digital signature key has been certified by an approved Certificate Authority such as Verisign, then you, the owner, are responsible for its use, anyhow, anywhere, and anytime. If it is used in a criminal activity, or used to send out malicious emails or other undesirable emails and data, it is still assumed that you, the owner, were sitting at the keyboard when those events occurred.

If you think that your private key has been stolen or may be misused, then you are supposed to add it to a Certificate Revocation List (CRL). A CRL is a list of certificates that are not recognized. After your key goes on the list, anything signed with it will be automatically repudiated.
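A sketch of the check a relying party runs against a CRL before accepting a signature, added here as an example and not part of the original post. It models a CRL the way RFC 5280 defines it (revoked certificate serial numbers plus a validity window); the names `Cert`, `CRL` and `check_signer`, the CA name, the serials and the dates are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Cert:
    issuer: str   # CA that certified the key
    serial: int   # serial number the CA assigned to this certificate
    subject: str  # key owner


@dataclass
class CRL:
    issuer: str            # CA that published the list
    this_update: datetime  # when the list was issued
    next_update: datetime  # when a newer list is due
    revoked: dict          # serial number -> time of revocation


def check_signer(cert, crl, now):
    """Return (accepted, reason) for a signature made with cert's key."""
    if crl.issuer != cert.issuer:
        return False, "CRL is from a different CA"
    # Fail closed on an out-of-date list: it cannot show recent revocations.
    if not (crl.this_update <= now < crl.next_update):
        return False, "CRL is stale; fetch a current one"
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None:
        return False, f"certificate revoked at {revoked_at.isoformat()}"
    return True, "certificate not on CRL"


def utc(day, hour=0):
    return datetime(2024, 5, day, hour, tzinfo=timezone.utc)


# Constructed sample data: one valid key owner, one whose key was reported stolen.
ALICE = Cert("Example CA", 0x1001, "alice")
BOB = Cert("Example CA", 0x1002, "bob")
SAMPLE_CRL = CRL("Example CA", utc(8), utc(15), {0x1002: utc(3, 9)})
NOW = utc(10)         # inside the CRL's validity window
STALE_TIME = utc(20)  # after next_update

if __name__ == "__main__":
    for cert in (ALICE, BOB):
        print(cert.subject, check_signer(cert, SAMPLE_CRL, NOW))
    print("alice, stale CRL", check_signer(ALICE, SAMPLE_CRL, STALE_TIME))
```

Treating a stale list as a rejection is the conservative choice: a verifier that accepts signatures on an expired CRL will keep trusting a key that was revoked after the list was published.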

In another post I talked about how traffic engineers for Los Angeles were engaged in a labor dispute with the city. They decided to illegally access the LA traffic computer systems and deliberately cause traffic problems at four key intersections. One of the precautions the city administrators could have taken would have been to submit the private keys of the striking engineers to a CRL. This would have been one of several security measures that the city could have had as part of its security policy to prevent malicious activities from occurring on city computer systems.

Written by Mike Rede
