Appendix H: The Private Key File

Whenever a CDSA application creates a public/private key pair, the private key is stored in a private key file. The private key file lives in the directory:

<your_home_directory_path>/.cdsa/<your_user_name>

The file is named pkey_<your_user_name>, and its permissions are set to user read, write, and execute only, with no group or other access. The private key data in the file is encrypted with a password-based scheme: DES for the WWA and NA CSPs, and CDMF for the WWB CSP. Neither algorithm is strong by current standards (DES uses a 56-bit key, and CDMF reduces the effective key to 40 bits), and a password-based scheme is only as strong as the password chosen, so the file's real protection is the operating system's access control. Take great care to ensure the file is not exposed to unauthorized access: keep the file and its parent directories owned by you and inaccessible to other users, and do not copy it to shared locations or media where the ownership and permission bits are not preserved.
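As an added example (not part of the CDSA documentation or toolkit), the following Python script audits the private key file's protection on a POSIX system using the layout described above. It builds the documented path, then checks that the .cdsa directory, the per-user directory and pkey_<user> are not symlinks, that the file is owned by the expected uid, that the directories are not writable by group or others (a writable parent directory lets another user replace the file regardless of its own mode), and that the file carries no group or other permission bits at all. lock_down_pkey_file strips any group/other bits it finds. The function names and the demo() fixture, which builds a deliberately mis-protected tree in a temporary directory, are this example's own assumptions.

```python
"""Audit and repair the permissions of a CDSA private key file.

Added example, not part of the CDSA documentation or toolkit. It assumes the
documented layout: <home>/.cdsa/<user>/pkey_<user>, owner access only.
"""
import os
import stat
import tempfile
from pathlib import Path

# Any of these bits on the key file means another user can read or alter it.
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO
# Write access to a parent directory is enough to swap the file out from under us.
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def pkey_path(home, user):
    """Location of the private key file as documented: <home>/.cdsa/<user>/pkey_<user>."""
    return Path(home) / ".cdsa" / user / f"pkey_{user}"


def audit_pkey_file(home, user, owner_uid):
    """Return a list of findings (strings); an empty list means the file looks safe."""
    path = pkey_path(home, user)
    if not path.exists():
        return [f"missing: {path}"]
    findings = []
    # Check the two documented directories first, from the outside in.
    for directory in (path.parent.parent, path.parent):
        st = directory.lstat()
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"symlink in path: {directory}")
        if st.st_mode & GROUP_OTHER_WRITE:
            findings.append(f"directory writable by group/other: {directory}")
    # Then the key file itself: owner must match and no group/other bits at all.
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        findings.append(f"key file is a symlink: {path}")
    if st.st_uid != owner_uid:
        findings.append(f"wrong owner uid {st.st_uid}, expected {owner_uid}: {path}")
    if st.st_mode & GROUP_OTHER:
        findings.append(
            f"group/other access bits set ({oct(stat.S_IMODE(st.st_mode))}): {path}"
        )
    return findings


def lock_down_pkey_file(home, user):
    """Strip group/other bits from the directories and the file; return the file's new mode."""
    path = pkey_path(home, user)
    for p in (path.parent.parent, path.parent, path):
        st = p.lstat()
        if stat.S_ISLNK(st.st_mode):
            # chmod would follow the link and change some other object instead.
            raise RuntimeError(f"refusing to chmod through a symlink: {p}")
        os.chmod(p, stat.S_IMODE(st.st_mode) & ~GROUP_OTHER)
    return stat.S_IMODE(path.stat().st_mode)


def demo():
    """Constructed fixture: a mis-protected tree in a temp dir, audited, fixed, re-audited."""
    home = tempfile.mkdtemp()          # stands in for <your_home_directory_path>
    user = "alice"                     # stands in for <your_user_name>
    path = pkey_path(home, user)
    path.parent.mkdir(parents=True)
    path.write_bytes(b"constructed stand-in for the encrypted key data")
    os.chmod(path.parent.parent, 0o755)
    os.chmod(path.parent, 0o777)       # deliberate mistake: world-writable directory
    os.chmod(path, 0o644)              # deliberate mistake: world-readable key file
    uid = os.getuid()
    before = audit_pkey_file(home, user, uid)
    fixed_mode = lock_down_pkey_file(home, user)
    after = audit_pkey_file(home, user, uid)
    return before, fixed_mode, after


if __name__ == "__main__":
    before, fixed_mode, after = demo()
    for finding in before:
        print("before:", finding)
    print("file mode after lock-down:", oct(fixed_mode))
    print("findings after lock-down:", after)
```

The audit deliberately reports the parent directories as well as the file: a 0700 key file inside a directory that other users can write to can be renamed away and replaced, so the file's own mode is necessary but not sufficient. Run it as the user who owns the file, since the owner check compares against the uid you pass in.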

Note that a private key file created by the 40-bit WWB CSP is usable by the WWA or NA CSP, but a private key file created by the WWA or NA CSP is not usable by the WWB CSP, since its contents are protected with the DES-based scheme rather than CDMF. A 512-bit RSA or DSA key created in a WWA or NA CSP can still be used by a WWB CSP, however, by exporting the raw key parameters from the one CSP and importing them into the other.

Finally, while CDSA uses the private key file to manage keys created in a CDSA session, a user may decide not to use the file as his or her primary key storage mechanism. Keys may instead be stored securely outside the file by wrapping them, that is, encrypting the key material under another key before it is exported. In that case the private key file created during the session should be deleted by the user once the session is over, so that a second, password-protected copy of the key does not remain on disk.
