Peter Lin wrote: > The reason for this strange design is that, the plain text RSA > private key is stored in some hardware chip which can only do > en/decryption but cannot pass the key out. However, I need to > save a copy of the private key in a unsafe place for other > purpose, but need to make sure its safety. Also it is not > desired to maintain two sets of keys, so here comes the idea > to encrypt a key with itself.
I don't follow the logic. If you encrypt the key with itself, then someone can only decrypt the key if they have the key already. What purpose would that serve? If they have the key already, why do they need to go through some process to obtain the key? The "right" answer depends on precisely what your "other purpose" actually is. I'm also perplexed by what you mean by "maintain two sets of keys". Why does this not produce two sets of keys, one in the device and one the one you have stored in the other place? Do you mean two sets of *different* keys? Any mechanism of encrypted this key would be storing the same key in two places, so how does that weigh for or against different methods of encrypting the key? Who should be able to decrypt this private key that is stored in the insecure place? You *need* to encrypt it based on something only they know or something only they can do. If there is nothing that only they know or only they can do, then your requirements are likely not possible to meet and should be rethought. If there is something only they know or only they can do, use that to protect the key. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
