简体繁体 English

保护私钥

[英]Securing private key

原文 2011-06-18 20:00:15 8 3 encryption/ key/ private

I know there are a few topics about this, but I still would like to hear your opinion. 我知道有一些与此相关的主题，但我仍然想听听您的意见。 I'm creating a website that is going to send some messages around the network. 我正在创建一个网站，它将通过网络发送一些消息。 Those messages will be encrypted by a private/public-key encryption. 这些消息将通过私钥/公钥加密进行加密。

Now, since my server is going to send a lot of those messages, I'm going to need access to the private key a lot. 现在，由于服务器将发送大量此类消息，因此我将需要大量访问私钥。 This private key is currently located on the server as a file. 该私钥当前作为文件位于服务器上。 However this is not something that is required. 但是，这不是必需的。

Now, if no-one is able to enter my server, there is no problem at all. 现在，如果没有人能够进入我的服务器，则完全没有问题。 But what if someone gets access to my server? 但是，如果有人可以访问我的服务器怎么办？ They can just take the private key file and my security is breached. 他们只能获取私钥文件，而我的安全受到破坏。

I'm not able to use a hardware solution for this problem. 我无法使用硬件解决方案来解决此问题。

What are my options? 我有什么选择？

3 个解决方案

Now, since my server is going to send a lot of those messages.... 现在，由于我的服务器将发送许多此类消息。

If you really only need to send messages to other participants, you only need their public key stored on your server. 如果确实只需要向其他参与者发送消息，则只需将他们的公共密钥存储在服务器上。 No danger there. 那里没有危险。

If you intend to sign / decrypt messages sent to you however you must think about a secure private key storage solution. 但是，如果您打算对发送给您的消息进行签名/解密，则必须考虑一种安全的私钥存储解决方案。

Now, if no-one is able to enter my server, there is no problem at all. 现在，如果没有人能够进入我的服务器，则完全没有问题。 But what if someone gets access to my server? 但是，如果有人可以访问我的服务器怎么办？ They can just take the private key file and my security is breached. 他们只能获取私钥文件，而我的安全受到破坏。

You will always have one single point of failure, one piece of code that has to know your private key / the secret to access the private key, etc. But this problem does not come from public / private key encryption but rather the system itself. 您将始终有一个单点故障，一个必须知道您的私钥/访问私钥的秘密的代码等等。但是，此问题不是来自公用/私有密钥加密，而是系统本身。 At one point you always have to process the unencrypted message regardless of the underlying protocol. 一方面，无论底层协议是什么，您始终都必须处理未加密的消息。

If they have the key, and they know what to do with it (where & how it applies to your messages), then yes, you're completely compromised. 如果他们拥有密钥，并且知道如何使用该密钥（密钥在何处以及如何应用于您的消息），那么是的，您将完全受到损害。 But, let's face it, that's always the case when someone has rooted your server. 但是，让我们面对现实吧，当有人将您的服务器植根时，情况总是如此。

A better approach might be: How can I prevent common hacks, like a man-in-the-middle attack, from compromising security? 更好的方法可能是：如何防止常见的黑客（例如中间人攻击）损害安全性？

I would say: 我会说：

Transmit the messages over SSL (If you're using HTTP/HTTPS protocol). 通过SSL传输消息（如果您使用的是HTTP / HTTPS协议）。
Obfuscate the code that provides the encode/decoding functionality. 混淆提供编码/解码功能的代码。 This will make your hash harder to decode if someone does get the key. 如果有人得到了密钥，这将使您的哈希值难以解码。 If you're not encoding the key and/or message on the server, and decoding on the client - that may be something to look into depending on your requirments 如果您未在服务器上对密钥和/或消息进行编码，而未在客户端上进行解码，则可能需要根据您的要求进行研究
On the network the messages are being transmitted, use a network tool to monitor traffic (ie snort). 在网络上正在传输消息，请使用网络工具监视流量（即snort）。 Intrusion detection could tell you when someone is up to something. 入侵检测可以告诉您某人何时采取行动。

Just a start... 只是一个开始...

As it is mentioned earlier, you will always have single point of failure. 如前所述，您将始终有单点故障。 However, talking about private key storage solutions, you can check Vault project which stores your secrets - private keys in encrypted form. 但是，在谈论私钥存储解决方案时，您可以检查存储您的机密的Vault项目 -加密形式的私钥。 It provides access control policies, audit log and other features. 它提供访问控制策略，审核日志和其他功能。