CISSP Study Guide: Software and Hardware Storage of Keys

Software Storage of an Archived Key

Software storage of an archived key is where the key is kept on a disk or other type of removable media. When you need to provide another user with a key, you can copy the key to a floppy disk and use the copy to perform the operation. When the key is in use, it’s transferred to active memory on the computer.

To protect the integrity of the key, it can be stored in an approved cryptographic module. When the copy of the private key is no longer needed the media that was used to copy it must be destroyed. Software storage is an easier method and inexpensive, but it is also more vulnerable to being compromised than a hardware solution.

Hardware Storage of a Key

Hardware storage of a key is its placement on a hardware storage medium, such as a smart card or hardware security module. HSMs also produce the keys on the hardware device as a substitute for transmitting a private key over a network connection or other medium.

When a user is given a key, the smart card that holds the key is programmed and then given to the user. This method of key storage is very difficult to corrupt and requires specialized equipment, making it more costly than the software storage solution.