Why it matters
A secure key at rest is only part of the challenge. Keys must be used to sign transactions, backed up against loss, rotated when compromised, and transferred during succession events. Each operation creates opportunities for error or attack. Key management defines how these operations happen safely.
How it works
Generation: Keys should be created using trusted hardware with auditable randomness. The generation environment should be isolated and verified.
Storage: Keys should be protected commensurate with their value. High-value keys require cold storage, geographic distribution, and physical security controls.
Access control: Define who can use keys, under what conditions, and with what authorization. Dual control (requiring multiple people to authorize a use) and separation of duties (assigning different functions to different people) reduce insider risk.
Backup and recovery: Backup copies must exist to prevent loss, but each copy is an attack surface. The backup strategy should balance durability against exposure.
Rotation and retirement: When keys may be compromised, holdings should be moved to fresh keys. Old keys should be securely destroyed. The rotation process itself must be secure.
Audit and monitoring: Key usage should be logged. Anomalous access patterns should trigger alerts. Regular reviews should verify that controls remain effective.
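The access control and audit steps above, as an added example that is not part of the original page: a small authorization gate that enforces dual control (a minimum number of distinct approvers per key use) and separation of duties (the requester can never approve their own request), records every decision in an audit log, and raises an alert when a key's approved daily usage exceeds its policy limit. The role directory, key ids, policy values and day strings are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed role directory for the example; a real deployment would take
# this from its identity provider.
ROLES = {"alice": "operator", "bob": "operator",
         "carol": "approver", "dave": "approver"}


@dataclass
class SigningRequest:
    key_id: str
    amount: int            # value the signed transaction moves, in base units
    requester: str
    approvers: set = field(default_factory=set)


@dataclass
class KeyPolicy:
    key_id: str
    min_approvals: int     # dual control: distinct approvers required per use
    daily_limit: int       # approved value per day before an alert fires


class KeyUsageMonitor:
    """Enforces dual control and separation of duties, logs every decision,
    and alerts when a key's approved daily usage exceeds its policy limit."""

    def __init__(self, policies):
        self.policies = {p.key_id: p for p in policies}
        self.audit_log = []    # every request, approved or denied
        self.alerts = []

    def authorize(self, req, day):
        """Return True if the request may proceed; `day` is an ISO date string."""
        policy = self.policies[req.key_id]
        # Separation of duties: only holders of the approver role count, and
        # the requester can never approve their own request.
        valid = {a for a in req.approvers
                 if ROLES.get(a) == "approver" and a != req.requester}
        ok = len(valid) >= policy.min_approvals
        self.audit_log.append({"key_id": req.key_id, "amount": req.amount,
                               "requester": req.requester,
                               "approvers": sorted(valid), "ok": ok, "day": day})
        if ok:
            # Anomaly check: total approved value for this key on this day.
            used = sum(e["amount"] for e in self.audit_log
                       if e["key_id"] == req.key_id and e["ok"] and e["day"] == day)
            if used > policy.daily_limit:
                self.alerts.append(f"{req.key_id}: {used} approved on {day} "
                                   f"exceeds limit {policy.daily_limit}")
        return ok
```

Denied requests are logged as well as approved ones, since repeated denials are themselves an access pattern worth reviewing.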
Common failures
- Keys generated on compromised hardware
- Backups stored insecurely or not at all
- Access granted too broadly or without proper controls
- No process for rotation when compromise is suspected
- Succession plans that fail to address key transfer