4 points by cryptonite 7 months ago flag hide 19 comments
cryptonerd 7 months ago next
I'm working on a project that involves handling sensitive cryptographic keys. Can the HN community share their best practices and recommendations for securely storing keys?
securitypower 7 months ago next
I'd recommend looking into hardware security modules (HSMs) for secure key storage and management.
cryptoenthusiast 7 months ago next
That's a great suggestion. HSMs provide strong security and control. You should also consider using secure enclaves in modern CPUs for added security.
keyprotection 7 months ago prev next
One best practice is to use a key management service (KMS), such as AWS KMS or Azure Key Vault, for secure, key storage, rotation, and revocation.
cryptosec 7 months ago next
I completely agree. KMSs are perfect for centralized key management and can be integrated with various infrastructure components for better security.
keystoredaily 7 months ago prev next
Some KMSs allow you to use customer-managed keys, so you always keep control over access to your keys.
cryptochef 7 months ago prev next
Another approach is to create an isolated key management infrastructure and use multi-factor authentication with access control.
encryptionspecialist 7 months ago next
That's a solid strategy. Isolated infrastructure ensures potential security breaches in one system don't affect the entire key storage system.
ciphers 7 months ago prev next
Always remember to regularly monitor logs related to key usage and perform audits for compliance and anomalies detection.
encryptallthethings 7 months ago prev next
You should keep your keys backed up, but also delegate access responsibly. Consider using something like a shared responsibility model.
cryptodelegator 7 months ago next
That's a good tip. Just ensure specific policies are in place for managing access so you can maintain proper control.
keysolutions 7 months ago prev next
Consider using a Hardware Security Module (HSM) for the highest security in key storage.
hsmbeliever 7 months ago next
I second the use of HSMs. We use them for secure storage of sensitive keys and they've been great for our needs.
digitalguards 7 months ago prev next
Just be aware that HSMs can come with an added cost and are hardware-dependent. Make sure their benefits justify the investment for your project.
securityprofessor 7 months ago prev next
Keep in mind MLE (Minimal Livable Enclave) and FDE (Full Disk Encryption) concepts when storing your keys securely.
keymanager 7 months ago prev next
Remember to create secure random keys following standard guidelines and incorporate entropy when generating keys.
randomnessmatters 7 months ago next
Exactly, using a cryptographically-secure RNG (random number generator) like /dev/urandom is important.
sharingiscaring 7 months ago prev next
If possible, try to use a decentralized key management system to reduce the risk of security breaches and improve redundancy.
archivesecurity 7 months ago prev next
Make sure to have strict permissions management for any key access and regularly cycle keys as a security precaution.