I will receive some secret key from a server which I will use as an authentication key for a MAC function in the future. But my question is how do I store this key securely on my machine? Will I have to re-encrypt it with some other key and store it like that?
- Unless you go for fancy measures like a HSM, key extraction is likely on machine compromise. Even with a HSM it's probably possible to induce it to compute valid MACs. – CodesInChaos Nov 08 '13 at 14:15
 
2 Answers
A good idea is to encrypt the key and then store it on your system. Using a good encryption algorithm like AES with a strong key is advisable. TrueCrypt is one such tool which can help you in saving your key securely.

Jor-el
        
- The problem is that this shifts the problem to keeping the TrueCrypt key safe. For hot data that isn't much of a gain. For cold data it might work. – CodesInChaos Nov 08 '13 at 14:16
- As Cory J mentioned, at some point you need to store the trusted information in your head. – Alex Blackwood Nov 08 '13 at 18:18
- You can use a keyfile along with a password. It will be a hassle when the key is used frequently, but ensures security. – Jor-el Nov 08 '13 at 18:28
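
The approach from the answer above (encrypt the key, then store it), combined with the password-plus-keyfile unlock from the last comment, as an added example that is not code from the thread. Python's standard library has no AES, so a single-use scrypt-derived pad with an HMAC tag stands in for the AES step. The function names, blob layout and scrypt parameters are assumptions of this example.

```python
import hashlib, hmac, os, secrets

SALT_LEN, KEY_LEN, TAG_LEN = 16, 32, 32  # sizes chosen for this example

def _derive(password, keyfile, salt):
    """Derive a 32-byte pad and a 32-byte tag key; both factors are required."""
    # Mix the keyfile into the password so neither alone unlocks the blob.
    secret = hmac.new(hashlib.sha256(keyfile).digest(), password, hashlib.sha256).digest()
    okm = hashlib.scrypt(secret, salt=salt, n=2**14, r=8, p=1,
                         maxmem=64 * 2**20, dklen=KEY_LEN + TAG_LEN)
    return okm[:KEY_LEN], okm[KEY_LEN:]

def wrap_key(mac_key, password, keyfile):
    """Return salt || ciphertext || tag for a 32-byte MAC key."""
    if len(mac_key) != KEY_LEN:
        raise ValueError("expected a 32-byte MAC key")
    salt = secrets.token_bytes(SALT_LEN)  # fresh salt, so the pad is never reused
    pad, tag_key = _derive(password, keyfile, salt)
    ct = bytes(k ^ p for k, p in zip(mac_key, pad))
    tag = hmac.new(tag_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap_key(blob, password, keyfile):
    """Verify the tag, then recover the MAC key; raises ValueError on failure."""
    if len(blob) != SALT_LEN + KEY_LEN + TAG_LEN:
        raise ValueError("malformed blob")
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    pad, tag_key = _derive(password, keyfile, salt)
    expected = hmac.new(tag_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password/keyfile or modified blob")
    return bytes(c ^ p for c, p in zip(ct, pad))

def store_blob(path, blob):
    """Write the wrapped key to a new file readable only by the owner."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(blob)

if __name__ == "__main__":
    import tempfile
    key = secrets.token_bytes(KEY_LEN)   # constructed stand-in for the server's key
    keyfile = secrets.token_bytes(64)    # constructed keyfile contents
    path = os.path.join(tempfile.mkdtemp(), "mac_key.bin")
    store_blob(path, wrap_key(key, b"correct horse", keyfile))
    with open(path, "rb") as f:
        assert unwrap_key(f.read(), b"correct horse", keyfile) == key
    print("wrapped key stored at", path)
```

With a vetted AES library available, an AES-GCM or AES key-wrap call replaces the XOR-and-tag step. The unwrapped key still sits in process memory while in use, so this protects the stored file only.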