RSA Laboratories

4.1.3.7 What happens if my private key is compromised?

If your private key is compromised, that is, if you suspect an attacker may have obtained your private key, then you should assume the attacker can read any encrypted messages sent to you under the corresponding public key, and forge your signature on documents as long as others continue to accept that public key as yours. The seriousness of these consequences underscores the importance of protecting your private key with extremely strong mechanisms (see Question 4.1.3.8).

You must immediately notify any certifying authorities for the public keys and have your public key placed on a certificate revocation list (see Question 4.1.3.16); this will inform people that the private key has been compromised and the public key has been revoked. Then generate a new key pair and obtain a new certificate for the public key. You may wish to use the new private key to re-sign documents you had signed with the compromised private key, though documents that had been timestamped as well as signed might still be valid (see Question 7.11). You should also change the way you store your private key to prevent a compromise of the new key.
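The re-signing decision described above can be worked through as a small triage routine. This is an added example, not code from RSA Laboratories; the `Revocation` and `SignedDoc` records, the serial numbers, the file names and the dates are constructed, and the policy (a signature stands only if an independent trusted timestamp places it before the suspected compromise date) is an assumption that a real verifier's policy may tighten. The `invalidity_date` field is named after the invalidity date that an X.509 CRL entry can carry.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional


@dataclass(frozen=True)
class Revocation:                  # constructed stand-in for one CRL entry
    serial: int
    reason: str                    # e.g. "keyCompromise"
    invalidity_date: datetime      # earliest time the key may have been exposed


@dataclass(frozen=True)
class SignedDoc:
    name: str
    signer_serial: int             # serial of the certificate that verifies it
    claimed_time: datetime         # written by the signer, so an attacker can backdate it
    trusted_timestamp: Optional[datetime] = None  # issued by an independent service


def triage(doc: SignedDoc, crl: Dict[int, Revocation]) -> str:
    """Classify one signature after its signing key has been revoked."""
    entry = crl.get(doc.signer_serial)
    if entry is None:
        return "unaffected"        # signed under a certificate that is not revoked
    ts = doc.trusted_timestamp
    # Only the independent timestamp counts: claimed_time proves nothing,
    # because whoever holds the stolen key can set it to any value.
    if ts is not None and ts < entry.invalidity_date:
        return "still-valid"
    # No proof the signature predates the compromise. The owner confirms the
    # document is genuine, then re-signs it with the new private key.
    return "re-sign"


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data: one revoked certificate and four signed documents.
CRL = {0x1A2B: Revocation(0x1A2B, "keyCompromise", utc(2024, 3, 10))}
DOCS = [
    SignedDoc("lease.pdf", 0x1A2B, utc(2024, 1, 5), utc(2024, 1, 5)),
    SignedDoc("memo.txt", 0x1A2B, utc(2024, 1, 20)),  # backdatable, no timestamp
    SignedDoc("invoice.pdf", 0x1A2B, utc(2024, 3, 12), utc(2024, 3, 12)),
    SignedDoc("policy.pdf", 0x9F01, utc(2024, 3, 12)),  # different certificate
]


def report() -> Dict[str, str]:
    return {d.name: triage(d, CRL) for d in DOCS}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:12} {verdict}")
```
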

