[tor-talk] Recommended private key management and recovery
Hello tor-talk!
I have an operations question for those in high-security orgs:
* How do you manage your private keys?
* How do you recover from a key-compromise?
I ask because there's talk among Singaporean financial tech firms
about migrating to more transparent (yay!) blockchain-based
cryptoledgers, but a sticking point for management is how to reliably
recover from theft of private keys. I understand there exist
real-world practices like cold-storage as well as cryptographic
practices like requiring a quorum of n keys and then regenerating a
stolen key from the quorum. However, I am seeking something more
concrete for how it all fits together. And I figured that if any
group of people is both competent and transparent enough to discuss this,
it's tor-talk.
I am currently under the impression that this is a largely-solved
problem, but often requires domain-specific knowledge/techniques.
Ergo, I ask. A paragraph or two overview of the gist would be fine.
Whatever you write I will probably polish into something non-h4x0rs
can understand.
Thanks much,
-Virgil