Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Certificates and Keys on Smart Cards

Because the security of public-key cryptography (including certificate and public-key authentication) relies heavily on the confidentiality of the private key, it is important to keep the private key secure. If the private key is stored for example on the local hard drive, it is very important that only the intended user has read access to the private key. If someone could obtain the private key, they could potentially mount a brute-force or a dictionary attack to discover the passphrase of the private key, and security would be void.

If the security of the machine on which public-key or certificate authentication is used cannot be guaranteed, or if a higher level of security is desired, the private key (and any public keys or certificates) can be stored on a smart card or another two-factor authentication token.

Storing the private key and public key or certificate on a smart card can also be convenient if a user uses many different machines to connect from. Storing a copy of the key pair on each machine is often not desirable and transporting the key pair on a floppy disk or other easily damaged or copied media may not be convenient or secure. A smart card could be used in this type of scenario to store the private key and certificate or the public key, and none of the secret key material would need to be stored on the client computers.

In SSH Tectia Client and Connector 5.x, the Connection Broker component can be used as a key provider for accessing keys and certificates from disk files and hardware cryptographic devices. It can also be used as an authentication agent to store passphrases for key pairs.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now