Introduction
This document outlines private key security considerations.
Key entropy and random values
Keys are only as strong as the amount of entropy used to generate them. A minimum of 128 bits of entropy should be used for all keys and, depending upon the application context, more may be required. Implementations must randomly generate public/private key pairs, MAC keys, and padding values. Using an inadequate pseudorandom number generator (PRNG) to generate cryptographic keys can result in little or no security. An attacker may find it much easier to reproduce the PRNG environment that produced the keys, searching the resulting small set of possibilities rather than brute-force searching the entire key space. The generation of quality random numbers is difficult. RFC4086 offers important guidance in this area.
Protection of private key
The security of the electronic signature mechanism defined in the present document depends on the privacy of the signer's private key. Implementations should take steps to ensure that private keys are not compromised.
Choice of algorithms
Implementers should be aware that cryptographic algorithms become weaker with time. As new cryptanalysis techniques are developed and computing performance improves, the work factor to break a particular cryptographic algorithm will reduce. Therefore, cryptographic algorithm implementations should be modular, allowing new algorithms to be readily inserted. That is, implementers should prepare for the set of mandatory-to-implement algorithms to change over time.
It is recommended to follow the latest recommendations of the SOG-IS WG
Good security practices
- STANDARD ON CRYPTOGRAPHY AND PUBLIC KEY INFRASTRUCTURE
- ETSI - Policy requirements for certification authorities issuing public key certificates
- NIST - Recommendation for Cryptographic Key Generation
- NIST - Key management guidelines
- ETSI - Securing Smart Phones
- RFC 5280 - Security Considerations