3

Suppose a server uses a digital signature to prove the files it sends to users. If someone steals the secret key in the server, what should it do?

yoarcher
  • 33
  • 3

1 Answer

6

The key needs to be revoked, the server nuked from orbit, and a new system with a new key put into place.

To go further, this is why you want your master signing key to be offline and trust in your servers' certs based on that chain.

Jeff Ferland
  • 38,090
  • 9
  • 93
  • 171
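The chain the answer describes, sketched as an added example that is not part of the original answer: clients pin only the offline master public key, so a stolen server key can be revoked and replaced without touching what clients trust. `ServerCert`, `Issue`, `VerifyFile` and `Demo` are hypothetical names; a bare Ed25519 signature over the server's public key stands in for a real certificate, and the revocation set is assumed to reach clients over an authenticated channel.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// ServerCert is a hypothetical minimal certificate (not X.509): the offline
// master key's signature over a server's public signing key.
type ServerCert struct {
	ServerPub ed25519.PublicKey
	MasterSig []byte
}

// Issue runs on the offline machine that holds the master private key.
func Issue(master ed25519.PrivateKey, serverPub ed25519.PublicKey) ServerCert {
	return ServerCert{serverPub, ed25519.Sign(master, serverPub)}
}

// VerifyFile is the client side. The client pins only masterPub; the revoked
// set is assumed to reach it over an authenticated channel.
func VerifyFile(masterPub ed25519.PublicKey, revoked map[string]bool, c ServerCert, file, sig []byte) error {
	if len(c.ServerPub) != ed25519.PublicKeySize || !ed25519.Verify(masterPub, c.ServerPub, c.MasterSig) {
		return errors.New("server key is not certified by the master key")
	}
	if revoked[string(c.ServerPub)] {
		return errors.New("server key has been revoked")
	}
	if !ed25519.Verify(c.ServerPub, file, sig) {
		return errors.New("file signature does not verify")
	}
	return nil
}

// Demo uses freshly generated (constructed) keys: sign, steal, revoke, replace.
func Demo() (before, stolen, replaced error) {
	masterPub, masterPriv, _ := ed25519.GenerateKey(nil)
	oldPub, oldPriv, _ := ed25519.GenerateKey(nil)
	oldCert, revoked := Issue(masterPriv, oldPub), map[string]bool{}
	file := []byte("constructed sample file")
	before = VerifyFile(masterPub, revoked, oldCert, file, ed25519.Sign(oldPriv, file))
	revoked[string(oldPub)] = true // theft detected: revoke the old key
	stolen = VerifyFile(masterPub, revoked, oldCert, file, ed25519.Sign(oldPriv, file))
	newPub, newPriv, _ := ed25519.GenerateKey(nil) // rebuilt server, new key
	replaced = VerifyFile(masterPub, revoked, Issue(masterPriv, newPub), file, ed25519.Sign(newPriv, file))
	return
}

func main() { fmt.Println(Demo()) }
```

After revocation, a signature made with the old key is rejected even though it is cryptographically valid, while the replacement key is accepted with no change to the pinned master key.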