Where to store the private key on a digital signin

2019-05-09 23:56发布

问题:

I am developing a client-server application that requires some files to be signed using the private key before sending to the client. The client will then verify the signature using the public key. Therefore, the private key will need to be on the server at all time and readable by the server application.

The problem is that I was wondering where to store my private key that is more secure from being leaked in case the server is compromised.

Should I store it in the database or should I store it as a file and use file permission to control?

Thanks.

回答1:

Option option is to use a setuid binary which runs as a different user to do the certificate signing.

This other user would have read-access to the key, but the "Normal" app-server user would not have read-access. Therefore if someone compromised the app server's account, they would only be able to sign arbitrary certificates, not steal the CA private key.

Another possibility would be to have some RPC mechanism to pass the signing request to another process running as another user, possibly on another host. Or another VM on the same host (but not inside the app server machine).

Any of these approaches just reduce the impact of a compromise, but it's still bad.



回答2:

If the key is stored on the server itself, then if that server is compromised it will be found. Storing in a DB/files are not likely to prevent this - most breaks in to a server happen through the services it operates.

One option is to store private keys in a separate hardware module called a Hardware Security Module, or HSM. The HSM generates signatures on request, but will not disclose the private key to the server. If the server is compromised, they can get it to sign files for the duration of their access, but can't obtain the key itself and must retain access to the server to continue generating signatures. For infrequent applications, a smart card can serve as a simple HSM.