(Page 6 of 6)
You discovered various things about the key management process, such as:
You learned that there are some interesting issues in key recovery. Since private keys are very sensitive items, and anyone possessing the private key can sign documents claiming to be the person to whom the private key belongs, care must be taken during key recovery. Persons given this privilege should be highly trusted, and careful logs kept to ensure that this privilege is not abused. Because of the significant exposure of single-person key recovery, organizations have come up with a way to use the concept of M-of-N control to require multiple participants in any key recovery operation, reducing risk. M-of-N control involves dividing up a task among multiple people so it cannot be performed by one person acting alone. One key recovery technique using M-of-N control involves issuing each potential key recovery agent a percentage of the private key used for the recovery system, in the form of a token; in order to perform a key recovery, some M of the N authorized people entrusted with these tokens must come together and combine their tokens, to be allowed access to key recovery functions.
You discovered that multiple key pairs can be employed for added security, since a single key pair violates non-repudiation, because of the potential for someone other than the key owner to obtain someones private key used to sign documents. With multiple key pairs, each entity is assigned TWO key pairs, a signing key pair and an encryption key pair. This ensures that if you need to perform key recovery in order to obtain the entitys private key to decrypt messages sent to them, you can obtain that key without also obtaining the private key that could be used to masquerade as that users identity.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.