6

One of my company's employees' private key was compromised and it had disastrous consequences for the company. Now the company is planning to have public/private key management. I'm wondering how big companies like Google and Amazon do key management. Do they use a third-party application for centralization, or do they do it with a set of PKI policies to be implemented in the organization? How do they manage the key life-cycle?

Thanks for your time.

user3392188
  • I sense a bunch of programmers flagging this post raging it is not related to programming and should be asked at serverfault.com – jariq Apr 18 '14 at 10:52

2 Answers

1

I believe they do it in very different ways, but there are many solutions for this. From the AWS perspective, I'd suggest you take a look at AWS CloudHSM, a hardware security module provisioned as a service for secure key management: https://aws.amazon.com/cloudhsm

Julio Faerman
  • Hi Julio, AWS CloudHSM seems promising, but what we are looking for is from the organisation perspective, where we have to manage keys for GitHub and a number of other accounts too. I have found different third-party services for centralised key management, but they are far too expensive to afford. Can you suggest more? – user3392188 Apr 21 '14 at 04:16
  • That is very context dependent... sometimes very simple and cheap solutions such as dropbox or lastpass could do the trick, sometimes those expensive and complex systems are really necessary... – Julio Faerman Apr 21 '14 at 15:03
1

If you are REALLY paranoid about security, you do not store the private key on the filesystem, you store it in hardware. A Hardware Security Module (HSM) from a company like SafeNet or Thales/nCipher is a physically hardened security appliance that is designed to protect encryption keys. Once the keys are generated on the HSM they cannot be removed. That is, you cannot extract the key and copy it off somewhere else to be used for malicious purposes. Additionally, they have hardened operating systems and software designed to prevent an attacker from being able to hack into the appliance. Too many unsuccessful logins? The device securely wipes its contents. Try to pry open the box to remove the flash memory holding the keys? There is epoxy on the physical hardware components and you will end up destroying them.

These devices also typically include cryptographic accelerators to increase the speed at which cryptographic operations are performed. They also tend to include standards-based APIs, such as PKCS#11 or JCE so it is easy to integrate with other software, such as Apache or your Java JVM.

An HSM is not cheap, but if you are really concerned about the security of your cryptographic material, this is how you protect it.

Shadowman
  • Though if "one of my company's employees private key" means they have private keys per employee, for example for TLS client certificates or signed email, then an HSM is a bad model, and they are probably better off with smart cards. (You _can_ use thousands of keys on a Thales HSM, and have access to them individually controlled by smart cards, or passwords, or both.) For things like webserver certificates, or code-signing keys, the HSM will be more appropriate. HSMs can also be used as part of a smart card provisioning architecture. – armb Mar 02 '15 at 10:24
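As an added example (not code from either answer or from any HSM vendor), this is what "integrate with your Java JVM through PKCS#11" from the second answer looks like in practice, using the JDK's built-in SunPKCS11 bridge to the JCE. It assumes a PKCS#11 library on the host and a token that already holds an RSA key pair with its certificate under the alias `server-signing-key`; the library path, slot, alias and PIN prompt are placeholders for your own deployment. The same code applies to the CloudHSM service from the first answer, which ships its own PKCS#11 library, by changing only the `library =` line.

```java
// Added example: signing with a key that never leaves the HSM, via SunPKCS11.
// Placeholders: the PKCS#11 library path, slot, and key alias below.
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Arrays;

public class HsmSigner {
    public static void main(String[] args) throws Exception {
        // SunPKCS11 configuration. Only the vendor library changes between products
        // (SoftHSM2 on a workstation, Thales/SafeNet appliances, AWS CloudHSM...).
        Path cfg = Files.createTempFile("pkcs11", ".cfg");
        Files.writeString(cfg, String.join("\n",
            "name = OrgHSM",
            "library = /usr/lib/softhsm/libsofthsm2.so", // placeholder: vendor PKCS#11 library
            "slot = 0"));                                  // placeholder: token slot

        Provider hsm = Security.getProvider("SunPKCS11").configure(cfg.toString());
        Security.addProvider(hsm);

        // The token PIN is entered by the operator at run time; it is never in source.
        // The HSM enforces its own failed-login policy on this PIN (see the answer above).
        char[] pin = System.console().readPassword("Token PIN: ");
        KeyStore ks = KeyStore.getInstance("PKCS11", hsm);
        ks.load(null, pin);

        String alias = "server-signing-key"; // placeholder alias of key pair + certificate
        PrivateKey key = (PrivateKey) ks.getKey(alias, pin);
        Certificate cert = ks.getCertificate(alias);

        // The process only holds a handle. For a non-extractable PKCS#11 private key
        // getEncoded() returns null, so there is no key material on disk or in memory
        // to copy elsewhere. If this ever prints "EXPORTABLE", the token policy is wrong.
        System.out.println("private key bytes in process: "
            + (key.getEncoded() == null ? "none (non-extractable)" : "EXPORTABLE - fix token policy"));

        // Sign something: the RSA operation itself runs inside the HSM.
        byte[] data = "release-1.2.3.tar.gz sha256=<placeholder>\n".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA", hsm);
        signer.initSign(key);
        signer.update(data);
        byte[] sig = signer.sign();

        // Verification needs only the public certificate, so it works with any provider.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(data);
        System.out.println("signature verified: " + verifier.verify(sig));

        Arrays.fill(pin, '\0');  // clear the PIN from memory once logged in
        Files.delete(cfg);
    }
}
```

For a workstation test, SoftHSM2 can stand in for the appliance; the property being demonstrated is the same either way: the application authenticates to the token and asks it to sign, but a compromise of the application host yields a key handle, not a key file that can be carried off the way the question describes.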