The Private Key File

H The Private Key File

Whenever public/private key pairs are created by a CDSA application, a private key file is used to store the private keys. The location of the private key file will be:

<your_home_directory_path>/.cdsa/<your_user_name>

The name of the file will be pkey_<your_user_name>. The permissions of the file are set to user read, write, and execute only. Although the private key data in the file is encrypted (utilizing a DES password based encryption algorithm for the WWA and NA CSP’s, and a CDMF password based encryption algorithm for the WWB CSP), you should take great care to insure the file is not vulnerable to unauthorized access.

Note, while a private key file created by the 40 bit WWB CSP is usable by the WWA or NA CSP, a private key file created by the WWA or NA CSP, is not usable by the WWB CSP. However, a 512 bit RSA or DSA key created in a WWA or NA CSP can still be utilized by a WWB CSP via raw key parameter export.

Finally, while CDSA utilizes the private key file for managing keys created in a CDSA session, a user may not decide to use the file as his/her primary mechanism for key storage. Keys may be securely externally stored utilizing key wrapping techniques. In these cases the private key file created in a session should be deleted by the user after the session is over.

Appendix H

129

Page 129
Image 129
HP UX Security Products and Features Software manual Private Key File, Appendix H 129