Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
March, 2007<br />
1. If the key is lost with the possibility of having been compromised, then the key shall be<br />
replaced as soon as possible after recovery in order to limit the exposure of the recovered<br />
key and the data it protects (see Section 8.2.3.1). This requires reapplying the protection<br />
on the protected data using the new key. For example, suppose that the key (KeyA ) that<br />
was used to encrypt data has been misplaced in a manner in which it could have been<br />
compromised. As soon as possible after KeyA is recovered, KeyA shall be used to decrypt<br />
the data, and the data shall be re-encrypted under a new key (KeyB). KeyB shall have no<br />
relationship to KeyA (e.g., KeyB shall not be an update of KeyA).<br />
2. If the key becomes inaccessible or has been modified, but compromise is not suspected,<br />
then the key may be recovered. No further action is required. For example, if the key<br />
becomes inaccessible because the system containing the key crashes or the key is<br />
inadvertently overwritten, and a compromise is not suspected, then the key may simply<br />
be restored.<br />
The following subsections provide discussions to assist an organization in determining whether<br />
or not key recovery is needed. Although the following discussions address only the<br />
recoverability of keys, any related information shall also be recoverable.<br />
B.3.1 Signature Key Pairs<br />
The private key of a signature key pair (the private signature key) is used by the owner of the key<br />
pair to apply digital signatures to information. The associated public key (the public signature<br />
verification key) is used by relying entities to verify the digital signature.<br />
B.3.1.1 Public Signature Verification Keys<br />
It is appropriate to backup or archive a public signature verification key for as long as required in<br />
order to verify the information signed by the associated private signature key. In the case of a<br />
public key that has been certified (e.g., by a Certificate Authority), saving the public key<br />
certificate would be an appropriate form of storing the public key; backup or archive storage may<br />
be provided by the infrastructure (e.g., by a certificate repository). The public key should be<br />
stored in backup storage until the end of the private key’s cryptoperiod, and should be stored in<br />
archive storage as long as required for the verification of signed data. However, at some time the<br />
cryptographic strength of the signature algorithm may be reduced or lost completely. The<br />
algorithm may no longer offer adequate security or the private key may have been compromised.<br />
If the signature algorithm has been withdrawn or the cryptoperiod of the public key has expired,<br />
the signature shall be regarded as an error detection code rather than a cryptographic signature.<br />
Appropriate storage systems are being developed that employ cryptographic time stamps to store<br />
digitally signed data beyond the normal security life of the original signature mechanism or its<br />
keys.<br />
B.3.1.2 Private Signature Keys<br />
Key backup is not usually desirable for the private key of a signing key pair, since the nonreputability<br />
of the signature comes into question. However, exceptions may exist. For example,<br />
replacing the private signature key and having its associated public signature verification key<br />
distributed (in accordance with Section 8.1.5.1) in a timely manner may not be possible under<br />
some circumstances. This may be the case, for example, for the private signature key of a CA. If<br />
a private signature key is backed up, the private signature key shall be recovered using a highly<br />
secure method. Depending on circumstances, the key should be recovered for immediate use<br />
127