Question 126. How Do Certifying Authorities Store their Private Keys?

It is extremely important that the private keys of certifying authorities (see Question 125) are stored securely because compromise would enable undetectable forgeries. One way to achieve the desired security is to store the key in a tamper-resistant device. The device should preferably destroy its contents if ever opened, and be shielded against attacks using electromagnetic radiation. Not even employees of the certifying authority should have access to the private key itself, but only the ability to use the private key in the process of issuing certificates.

There are many possible designs for controlling the use of a certifying authority's private key. BBN's SafeKeyper, for instance, is activated by a set of data keys, which are physical keys capable of storing digital information. The data keys use secret sharing technology so that several people must use their data keys to activate the SafeKeyper. This prevents a disgruntled CA employee from producing phony certificates.

Note that if the certificate-signing device is destroyed, say in a fire, no security is compromised. Certificates signed by the device are still valid, as long as the verifier uses the correct public key. Moreover, some devices are manufactured so that a lost private key can be restored into a new device. See Question 128 for discussion of lost CA private keys.