RSA Laboratories

How should I store my private key?

Private keys must be stored securely, since forgery and loss of privacy could result from compromise (see Question The measures taken to protect a private key must be at least equal to the required security of the messages encrypted with that key. In general, a private key should never be stored anywhere in plaintext form. The simplest storage mechanism is to encrypt a private key under a password and store the result on a disk. However, passwords are sometimes very easily guessed; when this scheme is followed, a password should be chosen very carefully since the security is tied directly to the password.
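The scheme just described, a private key encrypted under a password before it is written to disk, as an added Go example that is not from RSA Laboratories. It derives the encryption key with PBKDF2 so that each password guess costs real work, and authenticates the ciphertext so that a wrong password or an altered key file is reported as an error instead of yielding garbage key material; the function names, the 600,000-iteration count and the blob layout are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const iterations = 600000 // PBKDF2 work factor; a constructed choice, raise it as hardware allows

// passwordAEAD derives a 32-byte key from the password with PBKDF2-HMAC-SHA256 (RFC 8018,
// one output block, written inline on the standard library) and wraps it in AES-256-GCM.
func passwordAEAD(password, salt []byte) cipher.AEAD {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := prf.Sum(nil)
	t := append([]byte(nil), u...) // T = U1 xor U2 xor ... xor Uc
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(t) // fixed 32-byte key: neither constructor can fail
	aead, _ := cipher.NewGCM(block)
	return aead
}

// SealPrivateKey returns salt || nonce || ciphertext+tag, the only form that should reach a disk.
func SealPrivateKey(keyDER, password []byte) ([]byte, error) {
	hdr := make([]byte, 28) // 16-byte random salt followed by a 12-byte GCM nonce
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return passwordAEAD(password, hdr[:16]).Seal(hdr, hdr[16:], keyDER, nil), nil
}

// OpenPrivateKey reverses SealPrivateKey; a wrong password or a modified file fails the GCM tag check.
func OpenPrivateKey(blob, password []byte) ([]byte, error) {
	if len(blob) < 28+16 { // header plus at least the 16-byte GCM tag
		return nil, errors.New("key file too short")
	}
	return passwordAEAD(password, blob[:16]).Open(nil, blob[16:28], blob[28:], nil)
}
```

Because the salt and nonce are drawn fresh for every call, sealing the same key twice produces two unrelated blobs, and the password strength remains the limiting factor exactly as the text warns.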

Storing the encrypted key on a disk that is not accessible through a computer network, such as a floppy disk or a local hard disk, will make some attacks more difficult. It might be best to store the key in a computer that is not accessible to other users or on removable media the user can remove and take with her when she has finished using a particular computer. Private keys may also be stored on portable hardware, such as a smart card. Users with extremely high security needs, such as certifying authorities, should use tamper-resistant devices to protect their private keys (see Question
