2

I understand the details of RSA encryption/decryption in that a public key can be distributed in the clear since all it can really do anyway is encrypt data. I also understand that this public key can be signed with a different public/private key pair. This is great to validate that the key came from a reliable source and you are not encrypting your sensitive data with a malicious public key so that an attacker could decrypt with the paired malicious private key. I also understand that it is important to rotate public encryption keys since after a number of uses, the private key becomes mathematically exposed with fewer computational cycles. What I do not understand is if you need to rotate your public signing key. It seems to me that after enough key rotations your private signing key would become exposed and then a malicious public encryption key could be signed by an attacker with the private signing key they have exploited. Issuing a new public signing key, however, becomes susceptible to a man in the middle attack. What piece of this am I missing?

  • 1
    How does "issuing a new public signing key...(become) susceptible to a man in the middle attack"? How is that different from when the original public signing key was issued? – 0xSheepdog Jun 13 '14 at 19:05
  • Yes, I left that bit out. In my application for RSA, the device that holds the public signing key originates from a trusted source where the initial public signing key is injected (for lack of a better term) into it. – Kyle Jurick Jun 13 '14 at 19:12
  • 1
    I think that the answer to this is that public signing keys do not need to be rotated since they are used so infrequently. I would just like to get someone to say that to get some confidence behind that answer. – Kyle Jurick Jun 13 '14 at 19:15

1 Answer

2

> I also understand that it is important to rotate public encryption keys since after a number of uses, the private key becomes mathematically exposed with fewer computational cycles.

Well, you understood wrong. This is a widespread myth, but myth nonetheless. Keys don't wear upon usage -- especially not signature keys. Keys used to require regular rotation, but that was back in the days before computers, when cryptographic algorithms had to be done with a pen and paper, or possibly some assembly of whirring cogs. Times have changed.

A decent signature algorithm is supposed to remain safe even if you produce a billion of billions of signatures. An algorithm which does not achieve at least that level of security is said to be "broken" and cryptographers shun it. RSA (used properly, i.e. as explained in PKCS#1) is not broken.

Thomas Pornin
  • Thanks Thomas. As I have understood it from the partners that we work with (one of which actually is RSA), it is highly improbable, but still POSSIBLE, for a private key to be exploited by usage of a public key. Your statement "especially not signature keys" leaves opening for this to be true. Regardless, the specification for the industry I work in requires that any implementation of asymmetric key encryption requires for a key rotation mechanism to exist. There is no requirement for signing key rotation, I am just doing my due diligence. – Kyle Jurick Jun 13 '14 at 19:59
  • Signing keys *are* asymmetric keys, so your corporate key rotation policies should apply to them. Key rotation is a good practice to reduce the blast radius of a compromised/leaked key. – jsears Jul 01 '20 at 21:58
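
The setup described in the question and its comments (a device with a signing public key injected at manufacture, and encryption keys rotated under it), as an added example that is not part of the original thread: the device installs a new encryption public key only when its RSASSA-PKCS1-v1_5 signature verifies against the pinned signing key. The demo keys are built from Mersenne primes only so the block runs offline and are not secure; the blob layout and the serial-number rollback check are assumptions.

```python
import hashlib

E = 65537
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def make_key(a, b):
    """Constructed demo key from Mersenne primes 2^a-1 and 2^b-1. NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def encode(msg, n):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(msg))."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign(n, d, msg):
    return pow(encode(msg, n), d, n)

def verify(n, msg, sig):
    # Re-encode and compare the whole block instead of parsing the padding.
    return 0 <= sig < n and pow(sig, E, n) == encode(msg, n)

def key_blob(serial, enc_n):
    """Signed bytes: 8-byte serial || encryption modulus (assumed format)."""
    return serial.to_bytes(8, "big") + enc_n.to_bytes((enc_n.bit_length() + 7) // 8, "big")

class Device:
    """Trusts only the signing public key injected at manufacture."""
    def __init__(self, pinned_signing_n):
        self.pinned_n, self.enc_n, self.serial = pinned_signing_n, None, -1

    def install(self, serial, enc_n, sig):
        if serial <= self.serial or not verify(self.pinned_n, key_blob(serial, enc_n), sig):
            return False  # rollback or bad signature: keep the current key
        self.enc_n, self.serial = enc_n, serial
        return True

def demo():
    vendor_n, vendor_d = make_key(521, 607)   # signing key pair (constructed)
    rogue_n, rogue_d = make_key(521, 1279)    # attacker's own signing key pair
    enc1, enc2, enc_bad = make_key(89, 107)[0], make_key(107, 127)[0], make_key(61, 89)[0]
    dev = Device(vendor_n)
    return [
        dev.install(1, enc1, sign(vendor_n, vendor_d, key_blob(1, enc1))),      # first key
        dev.install(2, enc2, sign(vendor_n, vendor_d, key_blob(2, enc2))),      # rotation
        dev.install(3, enc_bad, sign(rogue_n, rogue_d, key_blob(3, enc_bad))),  # MITM key
        dev.install(1, enc1, sign(vendor_n, vendor_d, key_blob(1, enc1))),      # rollback
    ], dev.enc_n == enc2
```

The signing key is used once per rotation and never leaves the vendor, so the device needs no online trust decision when the encryption key changes.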