What happens if a private key is compromised?

Answer Posted / ramkumar

Private keys must be stored securely, since forgery and
loss of privacy could result from compromise (see Question
4.1.3.7). The measures taken to protect a private key must
be at least equal to the required security of the messages
encrypted with that key. In general, a private key should
never be stored anywhere in plaintext form. The simplest
storage mechanism is to encrypt a private key under a
password and store the result on a disk. However, passwords
are sometimes very easily guessed; when this scheme is
followed, a password should be chosen very carefully since
the security is tied directly to the password.
Storing the encrypted key on a disk that is not accessible
through a computer network, such as a floppy disk or a
local hard disk, will make some attacks more difficult. It
might be best to store the key in a computer that is not
accessible to other users or on removable media the user
can remove and take with her when she has finished using a
particular computer. Private keys may also be stored on
portable hardware, such as a smart card. Users with
extremely high security needs, such as certifying
authorities, should use tamper-resistant devices to protect
their private keys (see Question 4.1.3.13).

Is This Answer Correct ?    0 Yes 1 No
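
Added example, not part of the answer above: a check for the rule that a private key should never sit on disk in plaintext, classifying PEM private key blocks as password-encrypted or not. The function names and the sample input are constructed for illustration; the sample uses dummy bodies, not real keys.

```python
import base64
import re
import struct

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def openssh_cipher(body):
    """Return the ciphername field of an openssh-key-v1 blob ('none' = unencrypted)."""
    raw = base64.b64decode("".join(body.split()))
    if not raw.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack_from(">I", raw, off)
    return raw[off + 4:off + 4 + n].decode("ascii")

def classify_private_keys(text):
    """Return [(pem_label, 'plaintext' | 'encrypted')] for each private key block."""
    results = []
    for label, body in PEM_RE.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":          # PKCS#8 password-encrypted
            encrypted = True
        elif label == "OPENSSH PRIVATE KEY":          # cipher name is inside the blob
            encrypted = openssh_cipher(body) != "none"
        else:                                         # legacy PEM: encryption is a header
            encrypted = "Proc-Type: 4,ENCRYPTED" in body
        results.append((label, "encrypted" if encrypted else "plaintext"))
    return results

def _fake_openssh(cipher):
    # Constructed, truncated blob: magic + ciphername only, not a usable key.
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample input: PEM framing with dummy bodies, no real key material.
SAMPLE = (
    "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC," + "0" * 32 + "\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n"
    + _fake_openssh(b"none") + _fake_openssh(b"aes256-ctr")
)

if __name__ == "__main__":
    for label, status in classify_private_keys(SAMPLE):
        print(f"{status:9}  {label}")
```

A block reported as encrypted is still only as strong as its password, so this check finds plaintext keys but says nothing about password quality.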


