Bulletproof SSL and TLS by Ivan Ristić

Author:Ivan Ristić
Language: eng
Format: epub
ISBN: 9781907117046
Publisher: Feisty Duck Limited
Published: 2014-07-17T16:00:00+00:00

Store keys safely

Keep a copy of your keys in a safe location. Losing a server key is usually not a big deal because you can always generate a new one, but it’s a different story altogether with keys used for intermediate and private CAs, and keys that are used for pinning.

Generating and keeping private keys in tamper-resistant hardware is the safest approach you can take, if you can afford it. Such devices are known as Hardware Storage Modules, or HSMs. If you use one of those, private keys never leave the HSM and, in fact, can’t be extracted from the device. These days, HSMs are even available as a service.[417] If you care about your security enough to think about an HSM, the idea of using one in the cloud might seem unusual. That said, given what we know about high-tech spying,[418] even when deploying in-house it might still be challenging to find a manufacturer whom you trust not to have created a backdoor into the device. After all, you don’t want to spend a lot of money on a device and only later find out that the keys can be extracted from it.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.