
[tor-talk] Recommended private key management and recovery



Hello tor-talk!

I have an operations question for those in high-security orgs:
* How do you manage your private keys?
* How do you recover from a key-compromise?

I ask because there's talk among Singaporean financial tech firms
about migrating to more transparent (yay!) blockchain-based
cryptoledgers, but a sticking point for management is how to reliably
recover from theft of private keys.  I understand there exist
real-world practices like cold-storage as well as cryptographic
practices like requiring a quorum of n keys and then regenerating a
stolen key from the quorum.  However, I am seeking something more
concrete for how it all fits together.  And I figured that if any
group of people is both competent and transparent enough to discuss this,
it's tor-talk.

I am currently under the impression that this is a largely-solved
problem, but often requires domain-specific knowledge/techniques.
Ergo, I ask.  A paragraph or two overview of the gist would be fine.
Whatever you write I will probably polish into something non-h4x0rs
can understand.

Thanks much,
-Virgil
-- 
tor-talk mailing list - tor-talk@lists.torproject.org