Peter Lin wrote: > Hi folks, > > I have a problem about key security. > > If a RSA private key is encrypted by an AES key, which is again encrypted by > the same RSA private key itself, is this considered as a secure procedure? > Obtaining the encrypted RSA private key and the AES key, is there any way to > "calculate" or "recover" the private key by some methods like solving an > equation? > > The reason for this strange design is that, the plain text RSA private key > is stored in some hardware chip which can only do en/decryption but cannot > pass the key out. However, I need to save a copy of the private key in a > unsafe place for other purpose, but need to make sure its safety. Also it is > not desired to maintain two sets of keys, so here comes the idea to encrypt > a key with itself. > > Hope I have explained it clearly. Any opinion or better suggestion is > appreciated.
The simple solution to your problem, is to not invent something yourself, and to use a proper HSM that does key backup in a sane way (FIPS 140-2 Level 3 or equivalent) - There are patches to OpenSSL that will make these HSMs work in just about any environment, so my recommendation would be to stop trying to reinvent wheels, and just use the tools that already do what you want. If, for some reason, keeping the key private is sufficiently important that you have to go to some rather elaborate measures to protect it, but is insufficiently important that the expenditure of some funds is hard to justify, you may want to give us a few more details as to exactly what you are trying to accomplish so that we can give you some more help. Have fun Patrick. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org