Naturally this topic stems from current events related to the private key exposure and subsequent mass revocation by Trustico, and of course, we must stress first off that the most secure method of key storage is to generate the private keys on the server and then use the Certificate Signing Request (CSR) when requesting the certificate. If a reseller does generate private keys for any customers outside of the web server environment where the certificate will be hosted, you should stop this practice immediately. Seriously, STOP IT RIGHT NOW!
OK. Now that’s out of the way, here’s a quick regurgitation from the previous blog on the best practices and basic methods of cryptographic key storage:
- No matter how much cybersecurity or end-point security you have in place, if private keys are mismanaged then all security measures have been undermined.
- Private keys should remain secure and, well…private! Don’t email them, share them, post them, in fact, don’t even breathe on them. Don’t believe me? Just ask Trustico how well that worked out for them.
- Methods of cryptographic key storage include:
Operating System and Browser Certificate/Key Stores such as Windows Certificate Store, Mac OS Keychain
Several operating systems and browsers provide certificate or key stores. These are software-based databases that store your public/private keypair and certificate locally on your machine.
.pfx and .jks Files (Keystores)
PKCS#12 (.pfx or .p12) and .jks* (created by the Java keytool) are files containing your public/private keypair. Unlike the locally-stored OS and browser keystores, these files can be stored virtually anywhere, including remote servers and are always password protected (meaning any time you want to use your private key, you have to enter a STRONG password). Another appeal is that since these are ultimately just files, you can easily distribute copies if you have multiple people who need to use the certificate. On other hand, since they are just files, they are susceptible to being distributed insecurely. With rapid advances in password cracking algorithms, be sure to create a sufficiently long, random password if you use this method.
Hardware Security Modules (HSM)
For those of you that need the most secure key storage, then you should consider the use of FIPS-approved software or hardware key stores HSMs are another cryptographic hardware-based option for key storage, especially if you don’t want to, or it would be too cumbersome to rely on individual tokens.
Reseller Criteria for Cryptographic Key Storage
For resellers, it’s important to pay strict attention to the following set of criteria:
- Never use 3rd party sites to generate keys for you (go ahead and Google “CSR generator” and you will find several, so we won’t even mention or link to any here - just don’t do it).
- Everyone should follow the best practices mentioned above and in the other blog.
- Don’t generate keys for your users except within the web server environment where they will be used.
- Do not store private keys for users or make them available for download through user portals.
- Don’t escrow private keys for your users. SSL Certificates can be easily replaced, so there is no need to recover a private key in the event it is destroyed (unlike email where it is important for customers to recover a lost private key so they can read their encrypted email).
- Resellers are obligated to have their customers agree to the subscriber agreement and you, as the reseller, shall not intentionally sidestep or break any of the included rules.
- Pay attention to the Subscriber's Obligations and Warranties and Key Generation and Usage sections of your reseller subscriber agreement (see GlobalSign’s section 4 and 4.15 as an example).
- This one is a repeat: DO NOT archive the keys, and especially DO NOT send them in unencrypted or even encrypted form to anyone (Trustico all over again).
4.0 Subscriber obligations and Warranties
4.15 Key Generation and Usage
Some Other Points for Resellers:
Resellers should make sure websites and any associated functionality are secure and free from exploitable vulnerabilities, including:
- Serve all pages over HTTPS and check your server configuration to make sure it complies with industry best practices. In fact, deploying HSTS ensures your site is only accessible over HTTPS.
- Make sure operating systems, web servers, and any other components are regularly patched and updated.
- Make sure any custom software is free from common vulnerabilities, like those identified in the OWASP top-10.
- When resellers are providing guidance or assistance to your users, ensure that you are using current best practices and defaulting to secure options.
- Always recommend to your customers new industry standards for key lengths and hashing algorithms, instead of older approaches that may provide more compatibility but are closer to being deprecated due to security risks.
- When certificates are renewed, make sure your customers take the opportunity to create a new key pair instead of reusing the existing one. By utilizing key rotation during certificate renewal, you limit the risk posed by a compromised key or poor key storage hygiene.
Stick to these methods and you will forever be in cryptographic key storage nirvana. As always, the crypto-maniacs here at GlobalSign are always here to help with answers to your questions.