Key Management Question


Tore Bostrup

I have a question I believe to be a little unusual - but maybe it isn't.
Frankly - it is a bit outside my area of expertise... :->

I need to store a private key securely on a system that is not secure...

The system will be in a public area and is not a kiosk (no "safe", not
bolted down, etc.). By nature, it is portable (but stationary during use).
It will network with peers - there will not be a server, and no reliance on
another system is possible. So there is no domain controller. It will not
be connected to the Internet, but will occasionally (under supervision)
connect with an extranet through dial-up to access a web service.

The system will be logged in, and an application will be running
(theoretically a dedicated system, but the current plan is to run under Win2k
or XP Pro). The logged in user does not need extensive privileges, but the
application will access a database as well as the filesystem. A keyboard
will typically not be connected, although there is a risk that a USB port
may be accessible. Consider that the user has (some) mouse capabilities (no
drag/drop, no right-click) (touch screen).

In this environment - is there a secure way to store a private key?

TIA,
Tore.
 
It is hard to tell without knowing what kind of certificate it is and what it
is going to be used for. Computer certificates are computer specific, can be
used no matter who the user is, and are usually not exportable. A user
certificate/private key is only as strong as the user's password, although
if strong key protection is enabled you can require that a password be
entered every time the private key is used. It may also be possible to
export/delete a user private key and import it again when needed, or it may
be better that it not be exportable, depending on your situation, which would
prevent a user from exporting it to a .pfx file for use on another computer
as that user.

Windows 2000 is more vulnerable to private key compromise than XP Pro,
because Windows 2000 allows an administrator to reset a user's password in
order to get access to the user's private key, while XP Pro does not. If you
do settle on XP Pro, you can make it MUCH harder to crack a local user's
password by disabling storage of the LM hash in Local Security Policy,
enforcing password complexity, and using a password of at least eight
characters in length with at least one upper case, lower case, numeric, and
special character. Of course it is impossible to guarantee
anything without physical security. One possibility is that an attacker
would remove the hard drive, clone it, put it back, and then try to crack
users' passwords at his convenience to gain access to the private key.

--- Steve
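As an added example (not part of the original thread, and not Steve's or Tore's code), here is a PowerShell audit of the two local settings the reply above recommends on XP Pro: whether LM hash storage is disabled, and what the local password length/complexity policy is. It assumes it is run as a local administrator on the machine being checked, that PowerShell is installed there, and that `secedit.exe` and `net.exe` are available (both ship with XP). The registry location and the `NoLMHash` value name are the documented ones; the temporary export path is an arbitrary choice.

```powershell
# Added example: audit LM hash storage and local password policy on a
# stand-alone Windows XP Pro machine. Run from an elevated PowerShell prompt.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# XP and later store the setting as a DWORD value named NoLMHash under Lsa
# (1 = do not store the LM hash of new passwords). Windows 2000 SP2+ used the
# mere presence of a subkey named NoLMHash instead, so both are checked.
$noLmValue  = (Get-ItemProperty -Path $lsa -ErrorAction SilentlyContinue).NoLMHash
$noLmSubkey = Test-Path -Path (Join-Path $lsa 'NoLMHash')

if ($noLmValue -eq 1 -or $noLmSubkey) {
    Write-Output 'LM hash storage : disabled'
} else {
    # The LM hash is only dropped for passwords set after the change, so the
    # password must be re-set once the policy is enabled.
    Write-Output 'LM hash storage : ENABLED - set NoLMHash and then change the password'
}

# Minimum password length comes straight from the local account policy.
$minLenLine = (net accounts | Select-String 'Minimum password length').Line
$minLen = [int]($minLenLine -replace '\D', '')
Write-Output ("Minimum length  : {0} (reply recommends at least 8)" -f $minLen)

# Complexity is not shown by 'net accounts'; export the local security policy
# and read PasswordComplexity from the [System Access] section instead.
$inf = Join-Path $env:TEMP 'secpol-audit.inf'   # arbitrary temp file name
secedit /export /cfg $inf /quiet | Out-Null
$complexity = (Get-Content $inf | Select-String '^PasswordComplexity').Line -replace '\D', ''
Remove-Item $inf -ErrorAction SilentlyContinue

if ($complexity -eq '1') {
    Write-Output 'Complexity      : enforced'
} else {
    Write-Output 'Complexity      : NOT enforced - enable "Password must meet complexity requirements"'
}
```

The script only reads settings and reports them; enabling them is done in Local Security Policy (secpol.msc) under Security Options and Password Policy, as the reply describes. Note that disabling LM hash storage does not rewrite existing hashes, which is why the output reminds you to change the password afterwards.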
 