

Once upon a time, you had a certificate, all properly signed and everything, and everyone knew that whosoever presented this certificate would be the rightful King of England you. And you knew this because you'd already read Brief(ish) explanation of how https works. What a certificate, presented in something like TLS, proves is that the presenter has access to the private key. So what happens if someone else has obtained your private key?

The only things security folks like more than weird mathematics that nobody else understands are long words that nobody else understands. Really, these are terms loaded with additional meaning. To "Mitigate" something means to protect against it, but in the knowledge that the protection isn't perfect. To "Compromise" a key means that some other attacker has got access to it. To "Access" a key means to have the ability to use the key directly or indirectly. That last statement might sound a bit weird, so let me explain a bit - in most cases, a private key is held in a file on disk. Want to sign something, or encrypt something with it? Load the private key into memory and Do Maths.

If someone wants to steal your key, they can just copy the file - and you might never know. But it needn't be the case. Hardware Security Modules will Do Maths for you, and just give you the result - you can literally never get the private key out of the device. These are surprisingly cheap - a simple smartcard reader is only a few dollars.
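The difference between a key you can copy and a key that only ever Does Maths for you is easier to see in code. The following is an added example, not code from the original post: it uses textbook RSA with two Mersenne primes as constructed toy parameters (far too small to be secure, and with no proper padding), and the `SoftwareKey` and `HsmKey` classes are hypothetical models of a key file on disk versus a device that keeps the private exponent inside and returns only the signature. The usage counter on the HSM model stands in for the audit trail a real device or its host software would keep, which is what lets you notice uses you did not make.

```python
"""Toy model of 'access' vs 'compromise' of a private key (added example)."""
import hashlib

# Constructed toy parameters: 2^31-1 and 2^61-1 are Mersenne primes.
# Real keys use 2048-bit or larger moduli; this is for illustration only.
P = (1 << 31) - 1
Q = (1 << 61) - 1
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return ((n, e), d) for textbook RSA; d is the private exponent."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), d


def digest(msg: bytes, n: int) -> int:
    """Hash the message and reduce it into the modulus range (toy stand-in for padding)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def verify(pub, msg: bytes, sig: int) -> bool:
    """Anyone holding the public key can check a signature."""
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)


class SoftwareKey:
    """A private key held in a file: whoever reads it has the same 'access' you do."""

    def __init__(self, pub, d):
        self.pub, self.d = pub, d

    def export(self) -> int:
        # This is what "just copy the file" amounts to: the owner gets no signal.
        return self.d

    def sign(self, msg: bytes) -> int:
        n, _ = self.pub
        return pow(digest(msg, n), self.d, n)


class HsmKey:
    """Models an HSM or smartcard: it Does Maths and returns only the result.

    The private exponent is kept in a double-underscore attribute purely to model
    'no export interface'; real devices enforce this in tamper-resistant hardware.
    """

    def __init__(self, pub, d):
        self.pub = pub
        self.__d = d
        self.operations = 0  # every use is visible to the device, so it can be audited

    def sign(self, msg: bytes) -> int:
        self.operations += 1
        n, _ = self.pub
        return pow(digest(msg, n), self.__d, n)


def unexpected_uses(hsm: HsmKey, uses_you_made: int) -> int:
    """Defender's check: signatures the device produced that you did not ask for."""
    return max(0, hsm.operations - uses_you_made)


def demo() -> dict:
    pub, d = make_keypair()

    # Software key: a copy of the file signs exactly as well as the original,
    # and nothing on the owner's side records that it happened.
    soft = SoftwareKey(pub, d)
    copied_exponent = soft.export()
    n, _ = pub
    sig_from_copy = pow(digest(b"signed with the copied file", n), copied_exponent, n)

    # HSM model: the same maths, but the exponent never leaves and each use is counted.
    hsm = HsmKey(pub, d)
    sig_from_hsm = hsm.sign(b"signed by the device")
    hsm.sign(b"a second signature the owner never requested")

    return {
        "copy_verifies": verify(pub, b"signed with the copied file", sig_from_copy),
        "hsm_verifies": verify(pub, b"signed by the device", sig_from_hsm),
        "hsm_exposes_exponent": hasattr(hsm, "d"),
        "unexpected_uses": unexpected_uses(hsm, uses_you_made=1),
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the `copy_verifies` result is the whole problem in one line: a copied key file produces signatures indistinguishable from yours. The HSM model produces equally valid signatures, but the only thing an attacker can do with it is ask it to sign while they have a connection to it, and every such request shows up in the device's usage count, which is the hook for detection.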
