
3.3.15 How should I store my private key?

  Private keys must be stored securely, since forgery and loss of privacy could result from compromise. The private key should never be stored anywhere in plaintext form. The simplest storage mechanism is to encrypt the private key under a password and store the result on a disk. Of course, the password itself must be maintained with high security, not written down and not easily guessed. Storing the encrypted key on a disk that is not accessible through a computer network, such as a floppy disk or a local hard disk, will make some attacks more difficult. Ultimately, private keys may be stored on portable hardware, such as a smart card. Furthermore, a challenge-response protocol will be more secure than simple password access. Users with extremely high security needs, such as certifying authorities, should use special hardware devices to protect their keys (see Question 3.3.8).
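The point about challenge-response being more secure than simple password access can be shown in a short sketch. This is an added example, not part of the original FAQ; it assumes an HMAC-SHA256 response over a random nonce with a PBKDF2-derived secret, and the `KeyDevice` class and sample passphrase are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_secret(password: str, salt: bytes) -> bytes:
    # Stretch the password; the device stores this derived secret, not the password text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def respond(password: str, salt: bytes, challenge: bytes) -> bytes:
    # User side: prove knowledge of the password without sending it.
    return hmac.new(derive_secret(password, salt), challenge, hashlib.sha256).digest()


class KeyDevice:
    """Hypothetical device that permits use of a private key after a check."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self._secret = derive_secret(password, self.salt)
        self._pending = None

    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(32)  # fresh, unpredictable nonce
        return self._pending

    def verify(self, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # each nonce is single-use
        if challenge is None:
            return False
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    password = "constructed-sample-passphrase"  # constructed sample value
    device = KeyDevice(password)
    first = respond(password, device.salt, device.new_challenge())
    accepted = device.verify(first)  # correct answer to the current nonce
    device.new_challenge()
    replayed = device.verify(first)  # recorded answer against a new nonce
    reused = device.verify(first)    # no challenge outstanding
    wrong = device.verify(respond("wrong guess", device.salt, device.new_challenge()))
    return accepted, replayed, reused, wrong


if __name__ == "__main__":
    print(demo())
```

An observer who records one exchange sees neither the password nor an answer that will be accepted again, whereas a password sent directly could simply be replayed.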



Denis Arnaud
12/19/1997