View Revisions: Issue #5536

Summary 0005536: exchange should delete private keys after signing period expires
Revision 2019-01-31 23:42 by Christian Grothoff
Description Right now, the private keys remain on disk and thus the compromise window still exists. We should modify the code to automatically (!) delete (overwrite file with random bits, then unlink()) private key material.

For this, it'll also be required to define additional files that just contain the public keys, as the time frame during which we may need to verify signatures created with our private keys is often much longer.

(This is about both RSA keys as well as EdDSA signing keys.)
Revision 2019-01-31 23:42 by Christian Grothoff
Description Right now, the private keys remain on disk and thus the compromise window still exists. We should modify the code to automatically (!) delete (overwrite file with random bits, then unlink()) private key material.

For this, it'll also be required to define additional files that just contain the public keys, as the time frame during which we may need to verify signatures created with our private keys is often much longer.