Offline Private Key Protocol

The Offline Private Key Protocol (OPKP) is a cryptographic protocol to prevent unauthorized access to backup or archive data. The protocol results in a public key that can be used to encrypt data and an offline private key that can later be used to decrypt that data.

The protocol is based on three rules regarding the key. An offline private key should:

* not be stored with the encrypted data (obviously)
* not be kept by the organization that physically stores the encrypted data, to ensure privacy
* not be stored on the same system as the original data, so that theft of the private key alone cannot give access to all data at the storage provider, and so that the key is not lost in the same data loss that made the restore necessary in the first place

To comply with these rules, the offline private key protocol uses a method of asymmetric key wrapping.


Security

As the protocol does not provide rules on the strength of the encryption methods and keys to be used, the security of the protocol depends on the actual cryptographic implementation. When used in combination with strong encryption methods, the protocol can provide extreme security.


Operation

Initially:

1. a client program (program) on a system (local system) with data to back up or archive generates a random private key PRIV
2. program creates a public key PUB based on PRIV
3. program stores PUB on the local system
4. program presents PRIV to user who can store the key, e.g. printed as a trusted paper key, or on a memory card
5. program destroys PRIV on the local system

When archiving or creating a backup, for each session or file:

1. program generates a one-time random key OTRK
2. program encrypts data using OTRK and a symmetric encryption method
3. program encrypts the (optionally padded) key OTRK using PUB to OTRKCR
4. program stores the OTRKCR and the encrypted data to a server
5. program destroys OTRK on the local system
6. program destroys OTRKCR on the local system
7. the server stores OTRKCR and stores the encrypted data

To restore backed up or archived data:

1. user feeds PRIV into program
2. program downloads data with the respective OTRKCR
3. program decrypts OTRKCR using PRIV, giving OTRK
4. program decrypts data using OTRK
5. program destroys PRIV on the local system
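The three phases above, as an added example that is not part of the original page or of any OPKP reference implementation. The protocol names no algorithms, so RSA-3072 with OAEP (the padded key wrap) and AES-256-GCM from the Python `cryptography` package are assumptions, as are the function names; Python cannot reliably zero memory, so the "destroy" steps are only approximated by keys going out of scope.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed algorithm choices: RSA-OAEP(SHA-256) for wrapping, AES-256-GCM for data.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def setup():
    """Initial phase: return (PUB kept on the local system, PRIV handed to the user)."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=3072)
    pub_pem = priv.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo)
    # PRIV is exported once for printing or a memory card; it is never written locally.
    priv_pem = priv.private_bytes(
        serialization.Encoding.PEM, serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption())
    return pub_pem, priv_pem

def backup(pub_pem, data):
    """Per session or file: return (OTRKCR, nonce + ciphertext) for upload to the server."""
    otrk = AESGCM.generate_key(bit_length=256)        # one-time random key OTRK
    nonce = os.urandom(12)
    blob = nonce + AESGCM(otrk).encrypt(nonce, data, None)
    otrkcr = serialization.load_pem_public_key(pub_pem).encrypt(otrk, OAEP)
    return otrkcr, blob                               # OTRK is dropped when this returns

def restore(priv_pem, otrkcr, blob):
    """Restore: unwrap OTRK with the user-supplied PRIV, then decrypt the data."""
    priv = serialization.load_pem_private_key(priv_pem, password=None)
    otrk = priv.decrypt(otrkcr, OAEP)                 # fails if PRIV does not match PUB
    return AESGCM(otrk).decrypt(blob[:12], blob[12:], None)  # fails if blob was altered

if __name__ == "__main__":
    pub_pem, priv_pem = setup()
    otrkcr, blob = backup(pub_pem, b"constructed sample backup data")
    print(restore(priv_pem, otrkcr, blob))
```

Only `pub_pem` needs to stay on the backup client, so a compromise of that system or of the server's stored `otrkcr` and `blob` does not expose the data without the offline key.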

