
3.3.14 What happens if my private key is compromised?

If your private key is compromised, that is, if you suspect an attacker may have obtained your private key, then you must assume that some enemy can read encrypted messages sent to you and forge your name on documents. The seriousness of these consequences underscores the importance of protecting your private key with extremely strong mechanisms (see Question 3.3.15).

You must immediately notify your certifying authority and have your old key placed on a Certificate Revocation List (see Question 3.3.11); this will inform people that the key has been revoked. Then choose a new key and obtain the proper certificates for it. You may wish to use the new key to re-sign documents that you had signed with the compromised key; documents that had been time-stamped as well as signed might still be valid. You should also change the way you store your private key, to prevent compromise of the new key.
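The relying-party side of the procedure above, as an added example that is not part of the original FAQ: a verifier consults a CRL, rejects signatures from a revoked key, and accepts a signature only when a trusted time-stamp (not the signer's own claimed time) proves it predates the revocation. The CRL format, serials and times are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class RevocationEntry:
    serial: int
    revoked_at: datetime  # time the CA placed the certificate on the CRL


@dataclass(frozen=True)
class SignedDocument:
    signer_serial: int
    claimed_signing_time: datetime            # asserted by the signer: untrusted
    timestamp_time: Optional[datetime] = None  # from a trusted time-stamping authority


def parse_crl(text: str) -> dict[int, RevocationEntry]:
    """Parse a constructed 'hex serial, ISO-8601 time' CRL into a lookup table."""
    entries: dict[int, RevocationEntry] = {}
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        serial_hex, when = (field.strip() for field in line.split(","))
        serial = int(serial_hex, 16)
        entries[serial] = RevocationEntry(serial, datetime.fromisoformat(when))
    return entries


def signature_status(doc: SignedDocument, crl: dict[int, RevocationEntry]) -> str:
    entry = crl.get(doc.signer_serial)
    if entry is None:
        return "accept"  # signer's certificate has not been revoked
    # Only a trusted time-stamp shows the signature predates the compromise;
    # the signer's own claimed time is exactly what a forger would backdate.
    if doc.timestamp_time is not None and doc.timestamp_time < entry.revoked_at:
        return "accept-timestamped"
    return "reject-revoked"


def status_for(serial_hex: str, claimed: str, timestamp: Optional[str] = None) -> str:
    """Convenience wrapper taking ISO-8601 strings; checks against CRL_TEXT."""
    doc = SignedDocument(int(serial_hex, 16), datetime.fromisoformat(claimed),
                         datetime.fromisoformat(timestamp) if timestamp else None)
    return signature_status(doc, parse_crl(CRL_TEXT))


# Constructed CRL: one compromised key, revoked on 1 March 2024
CRL_TEXT = """
# serial, revocation time
0x1a2b, 2024-03-01T09:00:00+00:00
"""
```

A signature from the revoked key is rejected even when the signer claims an earlier signing time; only a time-stamp issued before the revocation makes it acceptable.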



Denis Arnaud
12/19/1997