(possible duplicate message) What technology is available to create a 2048-bit RSA key pair so that:
1 - the randomness comes from quantum noise 2 - no one knows the secret part, 3 - The secret part is kept in the "box" and it is safe as long as the box is physically secured (expense of securing the box is a don't care). 4 - "box" can do high-speed signing (say, 0.1 mS per signature) over some kind of network interface 5 - you can reasonably convince certain people (that stand to lose a lot and have huge resources) in 1, 2, 3 and 4. 6 - The operation budget is around $1m (maintenance not included). 7 - attacker's budget is around $100m 8 - the key must never be destroyed, so backup is essential. In other words, convincing translation of a crypto problem into physical security problem. It looks like the key gets created on the same box(es) on which it is stored, which all interested parties inspected to any desireable level. Once everyone is comfortable the button gets pressed to create/distribute the key, and then you put goons with AKs around the boxes and pray that no one fucked with the microprocessor ... this may mean buying the components at random.
