Cryptography Reference
In-Depth Information
19.2.3
Key Storage
Almost all cryptographic keys must be used for a comparably long period of time
(i.e., between the generation of the key and its destruction). In this case, the keys
must be securely stored, meaning that they must be stored in a way that they
cannot be attacked passively or actively. Again, this is an important and challenging
engineering task. Compared to the key distribution problem, the key storage problem
is theoretically and practically even more involved. One reason is that the storage of
a cryptographic key can only be considered in the context of a specific operating
system. So the key storage problem and the operating system security problem
are not independent from each other, and the first problem depends on the second
(unfortunately, we all know that the security of contemporary operating systems is
not in particularly good shape). Consequently, there are many low-level details that
must be considered when one wants to provide a (secure) solution for the key storage
problem.
If there is no single place to store a key, then one may use a secret sharing
scheme as addressed in the following section to store the key in a decentralized and
distributed way. As of this writing, these schemes are not as widely deployed as one
would expect considering their theoretical practicality and usefulness. It is possible
and likely that this will change in the future.
19.2.4
Key Destruction
If a cryptographic key is stored in electronic form, then it is possible and very likely
that it must be destroyed at some point in time. Unfortunately, the key destruction
problem is not as simple to solve as one would expect at first sight. There are
basically two reasons:
•
First, it is technically difficult to delete data that has been stored electronically.
In practice, it is usually required to overwrite the memory locations (where the
keys have been stored) with randomly chosen bit patterns multiple times.
•
Second, there may be (many) temporary copies of the cryptographic keys in
use that are held somewhere in the available memory.
Again, the question whether the key destruction problem can be solved mainly
depends on the operating system in use. There is no general answer that applies for
all operating systems.
