[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Recommended private key management and recovery

Hello tor-talk!

I have an operations question for those in high-security orgs:
* How do you manage your private keys?
* How do you do recover from a key-compromise?

I ask because there's talk among Singaporean financial tech firms
about migrating to more transparent (yay!) blockchain-based
cryptoledgers, but a sticking point for management is how to reliably
recover from theft of private keys.  I understand there exist
real-world practices like cold-storage as well as cryptographic
practices like requiring quorum of n keys and then regenerating a
stolen key from the quorum.  However, I am seeking something more
concrete for how it all fits together.  And I figured that if any
group of people both competent and transparent enough to discuss this,
it's tor-talk.

I am currently under the impression that this is a largely-solved
problem, but often requires domain-specific knowledge/techniques.
Ergo, I ask.  A paragraph or two overview of the gist would be fine.
Whatever you write I will probably polish into something non-h4x0rs
can understand.

Thanks much,
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to