Exploitation of private keys

Correctness

The private key represents a subject.

• Its compromise must be minimized.

• Physically secure backup copies can exist in some cases.

The access path to the private key must be controlled.

• Access protection with password or PIN.

• Correctness of applications.

Confinement

Protection of the private key inside a (reduced) security domain (ex. cryptographic token).

• The token generates key pairs.

• The token exports the public key but never the private key.

• The token internally encrypts/decrypts with the private key.