How do you store digital certificates and cryptographic keys while guaranteeing company security? No doubt the way is always through the adoption of good practices.
That is, the storage of digital certificates and cryptographic keys provides a critical security layer that protects all of a company’s virtual assets.
Breaches due to trust-based attacks are caused precisely by inadequate storage and mismanagement.
When successful, an attack carried out against a digital certificate can have disastrous effects for any organization. Besides security aspects, expired certificates cause great losses in lost business.
Therefore, it is not enough to implement a policy for the use of digital certificates and cryptographic keys: it is also necessary to assertively develop storage and management processes.
Read on to learn more about digital certificate storage.
Digital certificate storage and trust-based attacks
As you know, digital certificates and cryptographic keys are essential for business. After all, they protect data, keep communications private, and establish trust between communicating parties.
In practice, digital certificates are used for several purposes. These include identity verification, file encryption, web authentication, email security, and software signature verification.
Despite their importance, many companies are vulnerable to breaches because they allow the management of certificates and cryptographic keys to be seen as an operational problem, rather than as a security vulnerability that needs to be fixed immediately.
In fact, there is much more a flaw in the policies and processes for storing digital certificates than a vulnerability caused by the absence of security updates or bugs that can compromise any kind of technological structure of an organization.
After all, hackers focus on cryptographic keys and certificates as attack vectors. With bad intentions, they steal them to obtain a trusted status, and then use this to avoid detection and bypass security controls.
The attack happens precisely when the breach of trust occurs
Cybercriminals use trust-based attacks to infiltrate companies, steal valuable information, and manipulate domains. In other words, if private keys used to sign a digital certificate fall into the wrong hands, the system can be breached and the site taken down.
When these cryptographic keys are lost, significant time and energy is wasted accessing systems or renewing certificates.
To give you an idea, if the code signing certificates used to sign an iPhone or Android application, for example, are compromised, an unauthorized developer could launch malware with the help of the breached corporate identity.
In order to reduce the risk of trust-based attacks, digital certificates and cryptographic keys need to be protected and stored securely. This prevents them from being lost or falling into the wrong hands.
Digital certificate storage options and best practices
Every time a digital certificate is issued, a key pair – private and public – is generated.
Without a doubt, the best practice is to keep the private key secure.
After all, if someone can use it, they can create phishing sites with your organization’s certificate in the address bar, authenticate on corporate networks pretending to be you, sign applications or documents in your name, and read your encrypted e-mails.
In many companies, digital certificates and cryptographic keys are the identities of their employees and therefore an extension of their organization’s identification. Protecting them is equivalent to protecting your fingerprints when using biometric credentials.
You certainly would not allow a hacker to get your fingerprint. So why let him have access to your digital certificate?
The storage of digital certificates
The most used modalities for storing digital certificates in Brazil are two: A3, in token or card, and A1, in file on the computer or other device.
A3 stored in token
This is a type of certificate that is stored in a cryptographic token, a device similar to a USB stick, which must be connected directly to a USB port on the user’s computer or server where the system will run. Furthermore, it is not possible to copy, otherwise the media will be blocked.
A3 stored on card
This type of certificate is stored on a smart card with a chip, just like the new bank cards. In short, it must be connected to a reader that needs to be plugged into a USB port on the user’s computer or server where the system will run. Likewise, it is not possible to copy, otherwise the cryptographic media will be blocked.
A1 stored in file on computer or other device
It is an electronic file stored in the user’s computer or server where the system will run. It usually has the extensions .PFX or .P12 and does not need tokens or cards to be transported from one side to the other.
A1 cloud storage
With it you can access your certificate and digitally sign documents through any device: desktops, smartphones and tablets. Finally, you also gain in security and eliminate the worry about physical damage, theft, and loss.
Don’t lose your digital certificates
In summary, the storage of digital certificates needs to be efficient and treated as a priority in the organization.
The choice of the best way to store will depend on the security policies and processes implemented in the company, and especially on who uses the certificates and what they are used for.
In this way, any regulations your company needs to comply with, costs and internal resources will be secured by storing the digital certificates.
EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.
With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.
Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.
Eval, safety is value.