On 9 Jan 2014 00:56, "Paul F Fraser" <pa...@a2zliving.com> wrote:
>
> Software and physical safe keeping of Root CA secret key are central to security of a large set of issued certificates.
> Are there any safe techniques for handling this problem taking into account the need to not have the control in the hands of one person?
> Any links or suggestions of how to handle this problem?
>
> regards
>
> Paul Fraser

Hardware Security Modules are common. Kind of like smartcards (the chip on your bank card), but big and fast, and usually supporting far more protocols. Designed to be very hard to hack or otherwise extract the keys from.

On the algorithmic level, there is Secure Multiparty Computation plus Shamir's Secure Sharing Scheme, such that you need a group of chosen people to work together to use the key to decrypt and sign things, while not revealing the private key to anybody. The people who developed the Speedz (spelling?) protocol are marketing a service for this.

- Sent from my phone
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography