How do you secure your private keys for signed updates

imagiko
imagiko over 5 years ago

I'm reading up on signed updates. Based on my understanding I could embed the public key on all my devices and then any new firmware needs to have a signed hash that I could check against. This is great for secure updates, but I'm wondering how one would securely store the private key. Say I built 1M units. All have this public key programmed. If this private key is lost, I basically lose the ability to update any of these devices. So while it's great for security, it also sounds like the jugular vein. Am I missing something?

  • shabaz
    shabaz over 5 years ago

    Hi,

    I think you're asking "how do you secure your private key on the server". That's an IT and Infosec topic and they would have policies on how to do this. The private key is encrypted with a password and backed up. As you suggest, it must not be lost, and therefore needs to be backed up.

    If it is lost, then one way out could be to have both the server and all the millions of devices re-generate private and public keys. That has its own requirements, including how to get one-time passwords to do this into the millions of devices, and to do it without introducing a security hole could be difficult (but not impossible).

    In short, don't lose the keys, and if you do, consider the devices abandoned, never to be upgraded and may (should) even shut down. You've then got a massive corporate problem at a minimum, and will likely be sued, etc. So treat the keys as something of value that must be protected.

    • Vote Up +3 Vote Down
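
The scheme discussed in the question and in shabaz's reply above (public key on every device, private key kept encrypted under a passphrase and backed up), as an added example that is not part of the thread. It uses the `openssl` command line; the file names, passphrase and firmware bytes are constructed placeholders.

```shell
#!/bin/sh
# Added example: file names, passphrase and "firmware" bytes are constructed.
set -eu

make_signing_key() {   # $1 = output dir, $2 = passphrase file
    # Private key is written encrypted (AES-256) under the passphrase.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -aes-256-cbc -pass "file:$2" -out "$1/signing_key.pem" 2>/dev/null
    # Public half: the only key material that goes onto the devices.
    openssl pkey -in "$1/signing_key.pem" -passin "file:$2" \
        -pubout -out "$1/device_pub.pem"
}

sign_firmware() {      # $1 = private key, $2 = passphrase file, $3 = image
    openssl dgst -sha256 -sign "$1" -passin "file:$2" -out "$3.sig" "$3"
}

verify_firmware() {    # $1 = device public key, $2 = image, $3 = signature
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Restore test for a backup: decrypt it and confirm it is the private half
# of the key the devices trust. A wrong passphrase or wrong key fails here.
backup_matches_device_key() {  # $1 = backup key, $2 = passphrase file, $3 = device pub
    derived=$(openssl pkey -in "$1" -passin "file:$2" -pubout 2>/dev/null) || return 1
    [ "$derived" = "$(cat "$3")" ]
}

demo() {
    d=$(mktemp -d)
    printf 'constructed-passphrase\n' > "$d/pass.txt"
    printf 'constructed firmware image v2\n' > "$d/fw.bin"
    make_signing_key "$d" "$d/pass.txt"
    cp "$d/signing_key.pem" "$d/backup_key.pem"      # stand-in for the offline backup
    sign_firmware "$d/signing_key.pem" "$d/pass.txt" "$d/fw.bin"
    verify_firmware "$d/device_pub.pem" "$d/fw.bin" "$d/fw.bin.sig" \
        && echo "genuine image: accepted"
    printf 'x' >> "$d/fw.bin"                        # modify the image after signing
    verify_firmware "$d/device_pub.pem" "$d/fw.bin" "$d/fw.bin.sig" \
        || echo "modified image: rejected"
    backup_matches_device_key "$d/backup_key.pem" "$d/pass.txt" "$d/device_pub.pem" \
        && echo "backup: decrypts and matches the device key"
    rm -rf "$d"
}
demo
```
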
  • neilk
    neilk over 5 years ago in reply to shabaz

    So glad I am only managing 2 IOT devices, probably ultimately a maximum of 6 and they are all on my private network!

    I haven't implemented signed updates.

    • Vote Up +2 Vote Down
  • imagiko
    imagiko over 5 years ago in reply to shabaz

    Yes, the question is related to storing private keys somewhere safe. It is related to IT, but the impact is on the devices, so any workarounds for a potential key loss need to be a part of the on-board software design (or maybe not, security is paramount?).

    Thanks for painting that picture of corporate horror. Indeed, I imagine something like that going down.

    • Vote Up +1 Vote Down
  • colporteur
    colporteur over 5 years ago

    What is being alluded to is key management. This includes creation, distribution and revocation of keys. This is no small task and needs some careful development to avoid pitfalls. shabaz described losing the key as one scenario but think about the consequences of the private key being compromised and it was not known.

    An interesting exercise is to research what is required to have point of sale by accepting credit card numbers. The overhead is considerable but card companies understand the risk and what the card collect to invest heavily to minimize it.

    • Vote Up +2 Vote Down
  • Jan Cumps
    Jan Cumps over 5 years ago in reply to colporteur

    It is a hard topic. Where in the past you had a breach when someone could get at your data, now you often have a breach when you or your staff are sloppy with private keys.

    And the importance of not being sloppy with keys isn't a habit yet. I've seen them mailed around by accident instead of the public key. In a backup dir of a commercial app after installation. Checked into version control. Placed on a sharepoint in a folder called Private Keys ...

    A second hard exercise is how to get keys into the secure storage of a microcontroller during production. I asked that here a long time ago but no solutions for this common task:

    Where do you store/hide your AES keys used for embedded encypt and decrypt?

    • Vote Up +1 Vote Down
  • colporteur
    colporteur over 5 years ago in reply to Jan Cumps

    I worked for an ISP whose entire digital television system PKI infrastructure was taken offline when a Windows update of the certificate authority (CA) server went bad. Without the CA all lower certificate servers had a certificate time to live of 24 hours. 65K subscribers would lose television if the CA was not back online in less than 24 hours. The server was restored before TV service was lost but all the recordings customers had made on their PVR were rendered useless. A new CA could not validate the certificate from the old server. Try explaining to a customer why their whole series of Breaking Bad shows is available in their content but can't be displayed :)

    I established a PKI infrastructure for a telecommunication company. Months of planning and process development were required. How keys were requested, how keys were created, how keys were distributed, how keys were installed and how keys were revoked all had to be in place before the first key was issued. This process is multiplied and modified depending on the type of certificate. Our certificate chain had to integrate with the parent company. It was a milestone project in my career. When completed, keys could be available in less than 5 minutes. It took a minimum of one week to get a key before the system was established.

    Speaking of keys, I just discovered ssh information from the key exchange on a session has changed in the known_hosts file. The IP address is no longer traceable. That is something new.

    • Vote Up +3 Vote Down
  • phoenixcomm
    phoenixcomm over 5 years ago

    Ok, great question. First, you need to answer the first question. What OS are you running?? Good luck with Windows as you are in very nasty company. Hopefully, you are running LINUX or better yet, OpenBSD. There are some great tools to use. My key pair are stored in a few places: OpenBSD but you have to bolt it down by running pf (packet filter) on a transparent bridge. This is the ONLY OS THAT HAS NOT BEEN HACKED. Basically you will end up with 3 network ports: the built-in one is for management, the other two ONLY HAVE MAC ADDRESS on them, this is where pf lives. I also keep copies on a dedicated flash drive, and paper copies in two places.

    ~~ Cris

    • Vote Up +1 Vote Down
  • daser
    daser over 5 years ago

    I prefer to use vpn tools for protecting my privacy

    • Vote Up +1 Vote Down
  • colporteur
    colporteur over 5 years ago

    As your metaphor suggests, private keys are a major blood vessel in the security of an organization. Protecting the private key of a key pair is critical if you wish to leverage the security attributes provided from using PKI. Deployment should include a risk assessment and from that a clear security policy defining how it is to be accomplished.

    • Vote Up +1 Vote Down