This Keymaster session, hosted by Sven Rajala, International PKI Man of Mystery, with guest Joey Corpman, Cloud Architect at Keyfactor, explored the need for key archival in PKI (Public Key Infrastructure).
Key archival is an essential component of PKI, enabling organizations to recover lost encryption keys and maintain data accessibility. Effective implementation requires stringent controls, adherence to best practices, and preparation for future challenges like quantum-safe cryptography. The session highlights the complexity of key recovery processes and the importance of foresight in designing robust archival systems.
What is Key Archival, and When Should I Use it?
Key archival means securely storing the private keys of encryption certificates (those whose key usage is encryption) in an encrypted database, typically managed by a Certificate Authority (CA). The purpose is to enable key recovery when the private key is damaged or lost, so that critical data remains decryptable and can be re-encrypted under a new key.
Common use cases include S/MIME (for secure email) and EFS (Encrypting File System). Key archival is critical in scenarios where the loss of encrypted data is unacceptable.
Are There Any Best Practices?
Best practices for key archival typically involve implementing Key Recovery Practice Statements (KRPS) for high-assurance operations. This includes adopting principles such as “four-eye” or multi-admin approvals for key recovery to enhance security. Additionally, it is important to maintain detailed audit trails and enforce role-based access controls to prevent misuse.
And What are the Challenges?
Key recovery poses several challenges that organizations must address. One issue is managing expired or soon-to-expire recovery agent certificates, particularly in Microsoft PKI environments. Another challenge is handling key rotation and ensuring a seamless migration to quantum-safe algorithms as part of post-quantum cryptography preparations. This topic will be explored further in an upcoming Keymaster session. Additionally, balancing operational downtime and security during key re-encryption processes can be complex, requiring careful planning and execution.
Do Not Forget Crypto Agility and Post-Quantum Cryptography!
Migrating existing keys and certificates to quantum-safe algorithms will involve system downtime and extensive re-encryption efforts. Ensuring that both the Certificate Authority (CA) and its clients are prepared for these changes is essential to maintaining secure and reliable operations.
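The mechanics discussed above (encrypted archival under a recovery agent, four-eye approval with an audit trail, refusing an expired recovery agent, and re-archiving when the agent is rotated) can be made concrete with a small simulation. The following Go program is an added example written for this summary; it is not code from the Keymaster session, from Keyfactor, or from any particular CA product. The `KRA` and `ArchivedKey` types, the field names, the envelope scheme (user key under AES-256-GCM, AES key wrapped for the agent with RSA-OAEP), the `NotAfter` validity window standing in for a real KRA certificate, and the certificate serial used in the test are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
	"time"
)

// KRA models a Key Recovery Agent: an RSA key pair plus the NotAfter of its
// certificate (a constructed value standing in for a real KRA certificate).
type KRA struct {
	Name     string
	Key      *rsa.PrivateKey
	NotAfter time.Time
}

// ArchivedKey is one row of a hypothetical CA archive table (assumed schema).
type ArchivedKey struct {
	Serial     string // certificate serial the key belongs to
	KRAName    string // agent whose private key can unwrap the record
	WrappedKEK []byte // AES key encrypted for the KRA with RSA-OAEP
	Nonce      []byte
	Ciphertext []byte // user's PKCS#1 private key under AES-256-GCM
}

var oaepLabel = []byte("key-archival") // domain-separates the KEK wrapping

func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Archive encrypts a user's private encryption key for the KRA and refuses
// an agent whose certificate has already expired.
func Archive(kra *KRA, serial string, userKey *rsa.PrivateKey, now time.Time) (*ArchivedKey, error) {
	if now.After(kra.NotAfter) {
		return nil, fmt.Errorf("KRA %s certificate expired on %s", kra.Name, kra.NotAfter.Format(time.RFC3339))
	}
	buf := make([]byte, 44) // 32-byte KEK followed by a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	kek, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	// The serial is bound as associated data, so a record cannot be relabelled.
	ct := gcm.Seal(nil, nonce, x509.MarshalPKCS1PrivateKey(userKey), []byte(serial))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &kra.Key.PublicKey, kek, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &ArchivedKey{serial, kra.Name, wrapped, nonce, ct}, nil
}

// Recover unwraps an archived key, enforcing the four-eye rule (two distinct
// approvers) and appending to the audit trail whether or not recovery is granted.
func Recover(rec *ArchivedKey, kra *KRA, approvers []string, audit *[]string) (*rsa.PrivateKey, error) {
	if len(approvers) != 2 || approvers[0] == approvers[1] {
		*audit = append(*audit, fmt.Sprintf("DENIED serial=%s approvers=%v: four-eye rule", rec.Serial, approvers))
		return nil, errors.New("four-eye rule: two distinct approvers required")
	}
	kek, err := rsa.DecryptOAEP(sha256.New(), nil, kra.Key, rec.WrappedKEK, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	der, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.Serial))
	if err != nil {
		return nil, err
	}
	key, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	*audit = append(*audit, fmt.Sprintf("RECOVERED serial=%s kra=%s approvers=%v", rec.Serial, kra.Name, approvers))
	return key, nil
}

// Rearchive moves a record from an outgoing agent to its successor (KRA
// rotation): recover under the old agent, then archive again under the new one.
func Rearchive(rec *ArchivedKey, oldKRA, newKRA *KRA, approvers []string, audit *[]string, now time.Time) (*ArchivedKey, error) {
	key, err := Recover(rec, oldKRA, approvers, audit)
	if err != nil {
		return nil, err
	}
	return Archive(newKRA, rec.Serial, key, now)
}
```

Two design points carry over to real deployments. First, the archive never stores the user key under the agent's RSA key directly: a fresh symmetric key protects the record and only that key is wrapped, which is what makes rotation to a new agent (or, later, to a post-quantum wrapping algorithm) a re-wrap of the record rather than a decryption of every protected file. Second, a denied recovery attempt is written to the audit trail just as a granted one is, since the failed attempts are what a reviewer of the trail most needs to see.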