Common Data Security Architecture (CDSA) White Paper
Appendix H: The Private Key File
Whenever a CDSA application creates a public/private key pair, the private key is stored in a
private key file. The file lives in the directory:
<your_home_directory_path>/.cdsa/<your_user_name>
and is named pkey_<your_user_name>. The permissions of the file are set to user read, write,
and execute only (no group or other access). Although the private key data in the file is
encrypted (using a DES password-based encryption algorithm for the WWA and NA CSPs, and a
CDMF password-based encryption algorithm for the WWB CSP), you should take great care to
ensure the file is not vulnerable to unauthorized access. Both ciphers are weak by current
standards (DES has a 56-bit key, and CDMF reduces the effective key length to 40 bits), and a
password-derived key is no stronger than the password that produces it, so the encryption is a
last line of defence, not a substitute for restrictive file and directory permissions.
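The location and permission rules above lend themselves to a quick audit. The following Python script is an added example, not code from the white paper or from any CDSA CSP. It assumes the Appendix H layout (<home>/.cdsa/<user>/pkey_<user>) and, as its own hardening choice beyond what the appendix states, treats any group or other permission bit on the two enclosing directories as a finding as well, and rejects a symbolic link in place of the key file. The function names are the example's own.

```python
"""Audit the CDSA private key file layout for unsafe permissions.

Added example, not code from the CDSA white paper or from any CDSA CSP.
Assumes the layout Appendix H describes: <home>/.cdsa/<user>/pkey_<user>,
with the file (and, as this example's own hardening choice, both enclosing
directories) holding no group or other permission bits.
"""
import getpass
import os
import stat
from pathlib import Path
from typing import List, Optional


def cdsa_pkey_path(home: str, user: str) -> Path:
    """Location of the private key file as laid out in Appendix H."""
    return Path(home) / ".cdsa" / user / f"pkey_{user}"


def audit_path(path: Path, expected_uid: int, want_dir: bool) -> List[str]:
    """Return a list of findings for one path; an empty list means it passed."""
    findings: List[str] = []
    try:
        # lstat, not stat: a symlink planted in place of the file is itself a
        # finding, and following it would audit the wrong object.
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: missing"]

    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symbolic link"]
    if want_dir and not stat.S_ISDIR(st.st_mode):
        findings.append(f"{path}: not a directory")
    if not want_dir and not stat.S_ISREG(st.st_mode):
        findings.append(f"{path}: not a regular file")
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")

    # Appendix H: user rwx only. Any group/other bit (0o077 mask) is a finding;
    # on the directories this also catches write access that would let another
    # user rename or replace the key file.
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    return findings


def audit_private_key_file(home: str, user: str,
                           expected_uid: Optional[int] = None) -> List[str]:
    """Audit ~/.cdsa, ~/.cdsa/<user> and the pkey file; return all findings."""
    if expected_uid is None:
        expected_uid = os.getuid()
    pkey = cdsa_pkey_path(home, user)
    user_dir = pkey.parent
    cdsa_dir = user_dir.parent
    findings: List[str] = []
    findings += audit_path(cdsa_dir, expected_uid, want_dir=True)
    findings += audit_path(user_dir, expected_uid, want_dir=True)
    findings += audit_path(pkey, expected_uid, want_dir=False)
    return findings


if __name__ == "__main__":
    problems = audit_private_key_file(os.path.expanduser("~"), getpass.getuser())
    for line in problems:
        print(line)
    print("OK" if not problems else f"{len(problems)} finding(s)")
```

Run it as the user who owns the key file; the audit compares ownership against the calling uid. It reports and does not repair: a chmod 700 on the flagged path is the usual fix for a permission finding, but a symbolic link or a foreign owner should be investigated before anything is changed, since either can mean the file has been tampered with.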
Note that while a private key file created by the 40-bit WWB CSP is usable by the WWA or NA
CSP, a private key file created by the WWA or NA CSP is not usable by the WWB CSP.
However, a 512-bit RSA or DSA key created in a WWA or NA CSP can still be used by a
WWB CSP via raw key parameter export.
Finally, while CDSA uses the private key file to manage keys created in a CDSA session, a
user may decide not to use the file as the primary mechanism for key storage. Keys may
instead be stored securely outside the file by wrapping them (encrypting the key under
another key) before export. In these cases the user should delete the private key file
created in a session once the session is over, so that a second copy of the key, protected
only by the password-based encryption, does not remain on disk.