Questions tagged [key-management]

Key management involves the entire key life-cycle: generation, exchange, storage, safeguarding, use, vetting, revocation, replacement and retirement.

Key management is a critical function in a secure system using keys, and is perhaps the most difficult.

See: Key management - Wikipedia
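
The life-cycle stages listed above (generate, use, rotate, retire, revoke) are easiest to see end to end in a small key ring. The following is an added example written for this tag page, not code from any of the questions or answers it indexes. It uses only the Python standard library; the key IDs (`k1`, `k2`, ...), the three state names and the `kid:hex(tag)` token format are this example's own conventions. The point it shows that the description alone does not: a rotated (retired) key must still verify what it signed earlier, while a revoked (compromised) key must verify nothing, and the verifier needs the key ID in the token to tell the two apart.

```python
"""Key life-cycle demo: generate, rotate, retire and revoke symmetric MAC keys.

Added example for the [key-management] tag description; not code from any
Stack Exchange post. Standard library only. Key IDs, state names and the
'kid:hex(tag)' token format are conventions chosen for this example.
"""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum


class KeyState(Enum):
    ACTIVE = "active"    # may sign and verify
    RETIRED = "retired"  # verify only: rotated out, tokens it signed stay valid
    REVOKED = "revoked"  # neither: treated as compromised


@dataclass
class KeyRecord:
    kid: str
    secret: bytes
    state: KeyState = KeyState.ACTIVE


class KeyRing:
    """Versioned HMAC keys; enforces which life-cycle states may sign or verify."""

    def __init__(self) -> None:
        self._keys: dict[str, KeyRecord] = {}
        self._current: str | None = None

    def generate(self) -> str:
        """Create a fresh 256-bit key from the OS CSPRNG and make it the signing key."""
        kid = "k" + str(len(self._keys) + 1)
        self._keys[kid] = KeyRecord(kid, os.urandom(32))
        self._current = kid
        return kid

    def rotate(self) -> str:
        """Replace the signing key: old key becomes RETIRED (verify-only), new key is generated."""
        if self._current is not None:
            self._keys[self._current].state = KeyState.RETIRED
        return self.generate()

    def revoke(self, kid: str) -> None:
        """Mark a key compromised: tokens it signed must no longer verify."""
        rec = self._keys[kid]
        rec.state = KeyState.REVOKED
        rec.secret = b"\x00" * len(rec.secret)  # best-effort wipe of the material
        if self._current == kid:
            self._current = None  # caller must generate() before signing again

    def sign(self, message: bytes) -> str:
        """Return 'kid:hex(tag)' so the verifier knows which key version to use."""
        if self._current is None:
            raise RuntimeError("no active signing key")
        rec = self._keys[self._current]
        tag = hmac.new(rec.secret, message, hashlib.sha256).hexdigest()
        return f"{rec.kid}:{tag}"

    def verify(self, message: bytes, token: str) -> bool:
        """Constant-time check; ACTIVE and RETIRED keys verify, REVOKED or unknown do not."""
        kid, _, tag = token.partition(":")
        rec = self._keys.get(kid)
        if rec is None or rec.state is KeyState.REVOKED:
            return False
        expected = hmac.new(rec.secret, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)

    def state(self, kid: str) -> KeyState:
        return self._keys[kid].state


def lifecycle_demo() -> dict[str, bool]:
    """Walk one key through rotation and revocation; return the observed outcomes."""
    ring = KeyRing()
    k1 = ring.generate()
    msg = b"session=42;user=alice"  # constructed sample payload
    t1 = ring.sign(msg)
    k2 = ring.rotate()  # k1 -> RETIRED, k2 signs from now on
    t2 = ring.sign(msg)
    results = {
        "old_token_still_verifies_after_rotation": ring.verify(msg, t1),
        "new_token_verifies": ring.verify(msg, t2),
        "new_token_uses_new_kid": t2.startswith(k2 + ":"),
        "tampered_message_rejected": not ring.verify(msg + b"x", t1),
        "old_key_is_retired": ring.state(k1) is KeyState.RETIRED,
    }
    ring.revoke(k1)  # k1 now treated as compromised
    results["revoked_key_tokens_rejected"] = not ring.verify(msg, t1)
    results["current_key_unaffected"] = ring.verify(msg, t2)
    return results


if __name__ == "__main__":
    for name, ok in lifecycle_demo().items():
        print(f"{name}: {ok}")
```

The retired/revoked distinction is what makes scheduled rotation cheap: nothing already issued has to be re-signed, and only a compromise forces the hard cut-over.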

824 questions
500 votes · 8 answers

RSA vs. DSA for SSH authentication keys

When generating SSH authentication keys on a Unix/Linux system with ssh-keygen, you're given the choice of creating an RSA or DSA key pair (using -t type). What is the difference between RSA and DSA keys? What would lead someone to choose one over…
jrdioko
259 votes · 7 answers

How do certification authorities store their private root keys?

Knowledge of a CA private key would allow MitM attackers to transparently supplant any certificates signed by that private key. It would also allow cyber criminals to start forging their own trusted certificates and selling them on the black…
234 votes · 15 answers

Where do you store your personal private GPG key?

So, I want to start using pass, but I need a GPG key for this. This application will store all of my passwords, which means it's very important that I don't lose my private key, once generated. Hard disks break, cloud providers are generally not…
Florian Margaine
221 votes · 9 answers

How should I distribute my public key?

I've just started to use GPG and created a public key. It is kind of pointless if no-one knows about it. How should I distribute it? Should I post it on my profile on Facebook and LinkedIn? How about my blog? What are the risks?
Roger C S Wernersson
214 votes · 9 answers

Best Practice: "separate ssh-key per host and user" vs. "one ssh-key for all hosts"

Is it better to create a separate SSH key for each host and user, or just to use the id_rsa key for all hosts to authenticate? Could one id_rsa be malpractice for the privacy/anonymity policies? Having one ssh-key for all…
static
168 votes · 4 answers

Where to store a server side encryption key?

I have some data that is symmetrically encrypted with a single key in my database. Rather than hard coding it into my code, I am looking for a safer way to store the encryption key. Where can I safely store it?
Radek
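One of the standard answers to the question above is to keep the key out of the code and the repository entirely: in a file readable only by the service account, at a path supplied by the deployment. The block below is an added example illustrating that option; it is not code from the question or from any of its answers. It assumes a POSIX host, a 32-byte symmetric key, and an environment variable named `APP_DATA_KEY_FILE` (the variable name, the file layout and the helper names are this example's own choices). What it adds to the question is the checks a loader should make before trusting the file: no symlink, regular file, no group/world permission bits, owned by the running user, exactly the expected length, and no silent fallback to a built-in key.

```python
"""Load a server-side data-encryption key from a file the code does not contain.

Added example for the question 'Where to store a server side encryption key?';
not code from the post or its answers. Assumes a POSIX host. The variable name
APP_DATA_KEY_FILE and the helper names are this example's own choices.
"""
import os
import stat
import tempfile

KEY_LEN = 32  # 256-bit symmetric key


class KeyFileError(Exception):
    """Raised when the key file is missing, malformed or insufficiently protected."""


def load_key_file(path: str) -> bytes:
    """Return the key bytes only if the file's type, ownership and mode are strict."""
    st = os.lstat(path)  # lstat so a symlink is seen as a symlink, not followed
    if stat.S_ISLNK(st.st_mode):
        raise KeyFileError("key file must not be a symlink")
    if not stat.S_ISREG(st.st_mode):
        raise KeyFileError("key file is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise KeyFileError(
            f"{path} is group/world accessible (mode {oct(st.st_mode & 0o777)})"
        )
    getuid = getattr(os, "getuid", None)  # POSIX only; ownership check skipped elsewhere
    if getuid is not None and st.st_uid != getuid():
        raise KeyFileError("key file is not owned by the service user")
    with open(path, "rb") as f:
        key = f.read(KEY_LEN + 1)  # read one extra byte to detect oversize files
    if len(key) != KEY_LEN:
        raise KeyFileError(f"expected exactly {KEY_LEN} key bytes, got {len(key)}")
    return key


def load_key_from_env(var: str = "APP_DATA_KEY_FILE") -> bytes:
    """Resolve the key path from the environment; never fall back to a hard-coded key."""
    path = os.environ.get(var)
    if not path:
        raise KeyFileError(f"{var} is not set; refusing to fall back to a built-in key")
    return load_key_file(path)


def write_key_file(path: str, key: bytes) -> None:
    """Create the key file with mode 0600 atomically, so it is never briefly world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(key)


def demo() -> dict:
    """Create a strict key file and a loose one in a temp dir; report how the loader treats each."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "data.key")
        write_key_file(good, os.urandom(KEY_LEN))
        loaded = load_key_file(good)

        loose = os.path.join(d, "loose.key")
        write_key_file(loose, os.urandom(KEY_LEN))
        os.chmod(loose, 0o644)  # simulate an operator leaving it world-readable
        try:
            load_key_file(loose)
            loose_rejected = False
        except KeyFileError:
            loose_rejected = True

        short = os.path.join(d, "short.key")
        write_key_file(short, os.urandom(KEY_LEN - 1))
        try:
            load_key_file(short)
            short_rejected = False
        except KeyFileError:
            short_rejected = True

        return {
            "good_len": len(loaded),
            "loose_rejected": loose_rejected,
            "short_rejected": short_rejected,
        }


if __name__ == "__main__":
    print(demo())
```

The loader fails closed: any condition it cannot confirm is an error, not a warning, because an application that starts with the wrong key will happily write data nobody can decrypt later.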
143 votes · 5 answers

How can I export my private key from a Java Keytool keystore?

I would like to export my private key from a Java Keytool keystore, so I can use it with openssl. How can I do that?
Jonas
132 votes · 11 answers

Is it completely safe to publish an ssh public key?

I use a RSA key to log into remote servers with ssh. And I keep my dot files under version control in a publicly accessible place so that I can quickly setup new servers to work the way I like. Right now I don't have my .ssh directory under version…
Brian
107 votes · 10 answers

Should I change the private key when renewing a certificate?

My security department insists that I (the system administrator) make a new private key when I want an SSL certificate renewed for our web servers. They claim it's best practice, but my googling attempts have failed to verify their claim. What is the…
Commander Keen
98 votes · 1 answer

How are private keys kept private?

This may sound like a stupid question but seriously how are private keys kept private? If you're someone like Google you have some huge number of servers to which the public can establish secure connections. The *.google.com private key is required…
George Hawkins
93 votes · 2 answers

How many OpenPGP keys should I make?

I am learning how to use OpenPGP keys in GnuPG, and I am wondering what is the threshold people generally use to maintain separate OpenPGP keys. Maintaining an incredibly large number of keys is not good since it makes it difficult to be trusted by…
user9117
77 votes · 3 answers

What is a good general purpose GnuPG key setup?

Since most key types can be used for multiple purposes, namely certification, authentication, encryption and signatures, one could simply use one key for everything - which is a bad idea, as elaborated e.g. by Thomas Pornin. So one should use…
Tobias Kienzler
77 votes · 3 answers

Does OpenPGP key expiration add to security?

I've created a new OpenPGP key to sign a software package in a source repository with an expiration date three years from now. It seemed like a good security measure, because if the key is compromised or stolen the damage will be limited. But then I…
Adam Matan
76 votes · 6 answers

Is using a public-key for logging in to SSH any better than saving a password?

Using a public/private key pair is fairly convenient for logging in to frequented hosts, but if I'm using a key pair with no password, is that any safer (or less safe) than a password? The security around my private key file is paramount, but say…
Nick T
67 votes · 3 answers

Why shouldn't I bring a computer to a key-signing party?

I'm looking at the event description for the key-signing party at an upcoming BSD conference, and it's mentioned that I shouldn't bring my computer in to the event: "Things to bring: no computer". What risks does bringing a computer into a…
Jules