One other scheme I've seen, and which, while it doesn't give me warm fuzzies, seems reasonable, is to issue the end user a smartcard with a keypair on it. The SC generates the pair onboard, and exports only the public half. The private half never leaves the SC (there is no function on the card to export it).
If you trust the above, then the only copy of the private key is on the SC, despite it having been generated without the end user's participation.

Peter

> ----------
> From: Jaap-Henk Hoepman[SMTP:[EMAIL PROTECTED]]
> Sent: Monday, February 04, 2002 8:45 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Welome to the Internet, here's your private key
>
> It's worse: it's even accepted practice among certain security specialists. One of them involved in the development of a CA service once told me that they intended the CA to generate the key pair. After regaining consciousness I asked him why he thought violating one of the main principles of public key cryptography was a good idea. His answer basically ran as follows: if the CA is going to be liable, they want to be sure the key is strong and not compromised. He said that the PC platform of an ordinary user simply wasn't secure/trusted enough to generate keys on. The system might not generate `good enough' randomness, or might have been compromised by a trojan.
>
> Jaap-Henk
>
> On Sun, 3 Feb 2002 15:09:57 +0100 [EMAIL PROTECTED] writes:
> > It is accepted practice among security people that you generate your own private key. It is also, unfortunately, accepted practice among non-security people that your CA generates your private key for you and then mails it to you as a PKCS #12 file (for bonus points the password is often included in the same or another email). Requests to have the client generate the key themselves and submit the public portion for certification are met with bafflement, outright refusal, or at best grudging acceptance if they're big enough to have some clout. This isn't a one-off exception, this is more or less the norm for private industry working with established (rather than internal, roll-your-own) CAs. This isn't the outcome of pressure from shadowy government agencies, this is just how things are done. Be afraid.
>
> --
> Jaap-Henk Hoepman         | Come sail your ships around me
> Dept. of Computer Science | And burn your bridges down
> University of Twente      | Nick Cave - "Ship Song"
> Email: [EMAIL PROTECTED] === WWW: www.cs.utwente.nl/~hoepman
> Phone: +31 53 4893795 === Secr: +31 53 4893770 === Fax: +31 53 4894590
> PGP ID: 0xF52E26DD Fingerprint: 1AED DDEB C7F1 DBB3 0556 4732 4217 ABEF
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
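The flow the thread argues for (the client generates the key pair and only the public portion goes to the CA), sketched with the OpenSSL command line as an added example that is not part of any message above. The file names, the subject passed in, and the three function names are constructed for illustration; here the private key sits in a local file rather than on a smartcard, and the `openssl` binary with its default configuration is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): client-side key generation, followed
# by checks on what is about to be sent to the CA.

make_csr() {
    # $1 = working directory, $2 = subject DN (constructed by the caller)
    (
        umask 077   # the private key file is readable by its owner only
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1/client.key" 2>/dev/null || exit 1
        # The CSR holds the subject, the public key, and a signature made
        # with the private key; the private key itself is not included.
        openssl req -new -key "$1/client.key" -subj "$2" \
            -out "$1/client.csr" 2>/dev/null
    )
}

csr_is_safe_to_send() {
    # $1 = file about to leave the client.
    # Refuse anything that carries PEM private key material.
    if grep -q 'PRIVATE KEY-----' "$1"; then
        return 1
    fi
    # Proof of possession: the CSR self-signature must verify. The message
    # is matched instead of the exit status, because some OpenSSL releases
    # exit 0 even when verification fails.
    out=$(openssl req -in "$1" -noout -verify 2>&1)
    case "$out" in
        *"verify OK"*) return 0 ;;
        *)             return 1 ;;
    esac
}

csr_matches_key() {
    # $1 = CSR, $2 = local private key.
    # The public key in the CSR must be the one derived from the local key.
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}
```

Only `client.csr` is submitted for certification; `client.key` stays on the machine that generated it.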
