
The CP/CPS of SwissSign Gold Certificates states that:

5.1 "...Two identical clones of the SwissSign Gold CA keys are stored off line in Swiss bank safe deposit boxes."

They even put in their Why SwissSign page as their first "selling point":

The «master key» for our certificates is stored safely at two Swiss banks

Is this common among CAs? Isn't it a concern that the private key is printed somewhere? Shouldn't they be inside an HSM without a way to extract it?

Victor
    [Closely related](https://security.stackexchange.com/a/24906/151903) – AndrolGenhald Mar 29 '18 at 13:47
    They say the key is in a bank, they do not say it had been printed on paper. You can keep an HSM offline, locked away. That said, paper has a number of advantages, one of them being longevity -- an electronic system can't compete with paper's resilience to time. – korrigan Mar 29 '18 at 13:53
  • Honestly, what is your real concern? A secure CA means little to the user, few will check a file or website CA. – mootmoot Mar 29 '18 at 16:00
  • @mootmoot this is for a CA that issues certificates that allow non-repudiable, legally-binding signatures, so in this case the security of the CA is important. – Victor Mar 29 '18 at 17:00

1 Answer

With the keys for a certificate authority, there needs to be a balance between confidentiality (they need to ensure that the keys aren't disclosed without authorisation) and availability (they need not to lose the key entirely otherwise they can't use it to sign certificates).

If they stored their key in an HSM with no way to extract it, then there's a real risk that the HSM would drop the key, and at that point they would be in a bit of a bind in terms of ever issuing more certificates.

From what I've seen of CA key handling, splitting the key up and then storing it in physically safe locations is very common practice.

Rory McCune
    You're saying it's common to split the key in half and store each half separately right? OP looks to me like it says each location has a full copy of the key. Is this common as well? – AndrolGenhald Mar 29 '18 at 14:02
    Ahh, I took multiple vaults to == split keys, but you could be right. So to me it would depend on how many people you need to open each vault. The idea is split responsibility, so that no one person can compromise the security of the key. If you need 2+ people to open a single vault, then having the full key in there should be reasonable. – Rory McCune Mar 29 '18 at 14:58
    From the CP/CPS: "_Physical access (to the safe box) is only granted to a group of three persons, where one must be a member of the board of directors and one must be a member of the SwissSign executive management. Identification documentation (Passport, ID) and the personal signature of every employee are checked by the personnel of the Swiss Bank. Swiss bank personnel does not have access to the safe deposit box._"... So it seems that all the security of the CA depends on an employee in the bank checking a (forgeable) ID document. – Victor Mar 29 '18 at 16:57
    @Victor if you think it's easy to get access to a safe deposit box in a Swiss bank where you would need forged IDs of two different employees plus one or two different keys (note that it says the Swiss bank personnel can't access the box, that means the CA staff have the key(s)) then I guess your definition of easy and most people's is somewhat different :) – Rory McCune Mar 29 '18 at 20:59
  • @RoryMcCune hahaha good point! I didn't realize that you also need a physical key to that box. – Victor Mar 30 '18 at 09:41