Introduction
This document outlines the security considerations for private keys.
Key entropy and random values
Cyrptographic keys are only as strong as the amount of entropy used to generate them. A minimum of 128 bits of entropy should be used for all keys, with additional entropy needed depending upon the application context. Implementations must randomly generate public/private key pairs, message authentication code (MAC) keys and padding values. Using an inadequate pseudorandom number generator (PRNG) to generate cryptographic keys can compromise security. If an attacker can replicate the PRNG environment used to produce the keys, they can narrow down the possible key set to a manageable number, making it unnecessary to perform a brute-force search of the entire key space. The generation of quality random numbers is difficult. RFC4086 offers important guidance on this topic.
Protection of private keys
The security of the electronic signature mechanism described in this document relies on the privacy of the signer's private key. Implementations must ensure that private keys are not compromised.
Choice of algorithms
Cryptographic algorithms weaken over time as new cryptanalysis techniques are developed and computing power improves. As a result, the effort required to break a cryptographic algorithm decreases over time. Therefore, cryptographic algorithm implementations should be modular, allowing for the easy integration of new algorithms. Implementers should anticipate changes in the set of mandatory-to-implement algorithms and prepare accordingly.
It is recommended to follow the latest recommendations from the SOG-IS Working Group
Good security practices
The following are security guidelines and standards from leading organisations, including the European Commission Directorate-General for Human Resources and Security (DG HR), the European Telecommunications Standards Institute (ETSI), the National Institute of Standards and Technology (NIST) and the Internet Engineering Task Force (IETF):
- DG HR - Standard on cryptography and public key infrastructure
- ETSI - Policy requirements for certification authorities issuing public key certificates
- ETSI - Securing Smart Phones
- NIST - Key Management Guidelines
- NIST - Recommendation for Cryptographic Key Generation
- IETF - RFC 5280 - Security Considerations