Using FileAssurity
Key Protection & Distribution
Keys, just like the ones for your house, car or office, need to be looked after carefully. The following guidelines should help you to look after them safely.
Protecting your private keys from misuse
The private key used to digitally sign and protect your files is your electronic identity. If your keys get into the hands of someone else then they can appear to be you, and no-one, electronically speaking, can tell the difference. They may also access files that are protected for your eyes only.
In an ideal system, the PC holding your private keys would never be exposed to an external network, to the Internet, or to anyone apart from you. This approach gives the keys the maximum protection, because an attacker has to gain physical access to that specific computer to break in. In a more practical world your private keys are stored in your keystore, which is protected by a password (the one you use when you logon to FileAssurity). You must take care to choose a password that is going to be effective.
If you have chosen a good password the risks should be very small. You can copy your keystore onto other computers if you wish, but you must remember to copy it to the location (for Windows NT, 2000, XP) C:\Documents&settings\'logon_name'\.articsoft\fa\fa.store, where 'logon_name' is the name you logon to Windows with. For Windows 95/98/ME PCs the keystore (fa.store) is located in your Windows folder. If a keystore is already at that location, be careful not to overwrite it, particularly if it is not your keystore.
Do remember, if you have copied your keystore onto another computer temporarily, to delete it as soon as you have finished using it to minimize the chance of anyone else being able to access it.
If you have any reason to think that your signing or protection keys have been compromised (have got into the hands of people who have no right to use them) then you should remove them from your keystore and warn anyone who has received them to delete them. You will also need to obtain new keys, either from a CA or by generating them. If you got them from a CA you may also need to tell them to revoke your original keys.
Protecting your private keys from loss
Make sure you always have a backup of your keys (and the notes that go with them). See backing up your keystore. Backups should be stored somewhere other than on your computer system. A floppy disk kept somewhere safe in the house may be good enough for personal keys. However, any enterprise should consider storing its keys and certificates on CD-ROM and lodging them with a bank, or similar organization, that will be able to protect them from major disasters.
If keys are going to be stored for a long time, it may be difficult to remember the password(s) that will release them. Obviously this is not very workable, so it is normal practice to appear to break one of the golden rules of security, and write the password(s) down. However, this does not mean writing the password on a post-it note and sticking it on the floppy or CD-ROM. If you are storing a key at home, write the password on a note, put it inside a sealed envelope and keep it somewhere separate from the key. If you are keeping information at the bank, have the password(s) kept at a different location from the key(s).
It is, of course, possible to extend this approach where the key(s) you are protecting are considered to be business critical. You can have passwords created where two or more people each enter only a part of the password that only they know; each writes their fragment down and seals it so that no-one else can know what it is. Each password fragment can then be kept separately and stored in different banks or branches, with different rules for who can collect the keys and password fragments.
Other approaches include fragmenting the private key into a number of parts such that either all the parts must be collected before the key can be constructed, or a minimum number of parts must be available. This can be instead of or as well as managing the password.
Any enterprise feeling that they require such techniques should take professional advice over their key lifecycle management system.
Distributing keys
In protecting keys we considered how keys should be stored to prevent misuse and loss. In this section we look at what you should do if it is necessary to transfer keys to other people.
Signing Keys
You only need to distribute signing keys if they are self-signed (generated by FileAssurity). When a self-signed key is exported, it can only ever be used by the recipient to verify files signed by you. It cannot be used to sign information.
Protection Keys
You need to distribute protection keys if you want other people to send you information that only you can access. When a protection key is exported, it can only ever be used by the recipient to protect files for you. They cannot use this key to access files protected for you.
These 'public' keys therefore do not need any special protection when you send them to others: the information is being made public, after all. You can choose to send them to people using e-mail, hand them the key personally on a floppy disk or other media, or publish them on your web site (on a signed page, of course). The issue is making sure that the people getting your key can be confident it really is yours. You can always include your phone number when you generate the key so people can call you and check the 'thumbprint' field, which is unique to each key generated.