Apologies for the duplicate mail; I sent the below message to
[email protected] earlier, without realizing that [EMAIL PROTECTED]
exists for the purpose of tracking patches.  Any feedback on this
proposal would be welcome.

Thanks,

Nickolai.

---------- Forwarded message ----------
From: Nickolai Zeldovich <[EMAIL PROTECTED]>
Date: Mar 22, 2007 11:40 PM
Subject: Securing private RSA keys
To: [email protected]


Below is a patch against the CVS version of OpenSSL that tries to
secure an SSL certificate's private RSA key, by keeping it in a
separate "RSA key daemon".  This daemon does not allow anyone else to
obtain the private key itself.  Instead, it allows the OpenSSL library
to connect to it over a Unix domain socket and generate signatures
using that key.

The advantage of this approach is that even if the SSL code is
compromised, or the process using the OpenSSL library (such as Apache)
is compromised, the private key is still secure, since RSA is secure
against chosen ciphertexts and plaintexts.  Standard Unix permissions
on the Unix domain socket can be used to control who is permitted to
use this key to generate RSA signatures.  For example, the RSA key
could be only accessible to root, and root would run this RSA key
daemon, allowing the user running Apache+OpenSSL to access the Unix
domain socket, to establish SSL session keys.

As an example, here's how the built-in OpenSSL test web server can
make use of this mechanism:

% openssl req -new -x509 -keyout key.pem -out cert.pem -nodes -subj /CN=test
% openssl rsaprocd ./key.pem ./keysock &
% openssl s_server -engine rsaproc -keyform e -key ./keysock -cert cert.pem -accept 1234 &
% openssl s_client -connect localhost:1234

The actual patch:

    http://www.scs.stanford.edu/~nickolai/openssl-rsaproc.patch

Nickolai.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]
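
The design described in the message, as an added example that is not part of the original mail or the patch: a key daemon answers signing requests over a Unix domain socket created owner-only, and the client never holds the private exponent. The toy key, the 2-byte wire format and the function names are assumptions made for illustration, not the rsaprocd protocol.

```python
import os, socket, stat, tempfile, threading

# Constructed textbook-RSA toy key (p=61, q=53, no padding): far too small
# for real use, it only stands in for the private key the daemon protects.
N, E, D = 3233, 17, 2753

def serve(sock_path, ready, requests=1):
    """Key daemon: holds D, answers signing requests, never sends D."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)              # socket file is created owner-only
    try:
        srv.bind(sock_path)
    finally:
        os.umask(old)
    srv.listen(1)
    ready.set()
    for _ in range(requests):
        conn, _ = srv.accept()
        with conn:
            # Assumed wire format: 2-byte big-endian integer each way.
            m = int.from_bytes(conn.recv(2), "big")
            conn.sendall(pow(m, D, N).to_bytes(2, "big"))
    srv.close()

def sign_via_daemon(sock_path, m):
    """Library side: knows only the socket path, gets back a signature."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(m.to_bytes(2, "big"))
        return int.from_bytes(c.recv(2), "big")

def demo(m=1234):
    """Return (socket mode, signature, verifies-under-public-key)."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "keysock")
    ready = threading.Event()
    t = threading.Thread(target=serve, args=(path, ready))
    t.start()
    ready.wait()
    mode = stat.S_IMODE(os.stat(path).st_mode)
    sig = sign_via_daemon(path, m)
    t.join()
    os.unlink(path)
    os.rmdir(tmp)
    return mode, sig, pow(sig, E, N) == m

if __name__ == "__main__":
    print(demo())
```

To let a separate web-server user reach the socket, as the message suggests, the daemon's owner would widen the mode to a shared group rather than to everyone.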