将私钥存储在数字签名服务器上的哪里？ [英] Where to store the private key on a digital signing server?

问题描述

我正在开发一个客户端 - 服务器应用程序，它需要在发送给客户端之前使用私钥对一些文件进行签名。然后，客户端将使用公钥验证签名。因此，私钥将需要在服务器上随时可以由服务器应用程序读取。

I am developing a client-server application that requires some files to be signed using the private key before sending to the client. The client will then verify the signature using the public key. Therefore, the private key will need to be on the server at all time and readable by the server application.

问题是我想知道在哪里存储我的私钥如果服务器受到威胁，那么这样做就更安全了。

The problem is that I was wondering where to store my private key that is more secure from being leaked in case the server is compromised.

我应该将其存储在数据库中，还是应该将其存储为文件并使用文件权限来控制

Should I store it in the database or should I store it as a file and use file permission to control?

谢谢。

推荐答案

选项选项是使用setuid作为不同用户执行证书签名的二进制文件。

Option option is to use a setuid binary which runs as a different user to do the certificate signing.

其他用户将具有对该密钥的读取权限，但普通应用服务器用户将没有读取权限。因此，如果有人泄露了应用服务器的帐户，他们只能签署任意证书，而不是窃取CA私钥。

This other user would have read-access to the key, but the "Normal" app-server user would not have read-access. Therefore if someone compromised the app server's account, they would only be able to sign arbitrary certificates, not steal the CA private key.

另一种可能性是拥有一些RPC机制将签名请求传递给作为另一个用户运行的另一个进程，可能在另一个主机上。或同一个主机上的另一个虚拟机（但不是应用程序服务器中的）。

Another possibility would be to have some RPC mechanism to pass the signing request to another process running as another user, possibly on another host. Or another VM on the same host (but not inside the app server machine).

这些方法中的任何一种只会减少妥协的影响，但仍然不好。

Any of these approaches just reduce the impact of a compromise, but it's still bad.

这篇关于将私钥存储在数字签名服务器上的哪里？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！