Confirmed users
529
edits
Security/Guidelines/Key Management: Difference between revisions
Security/Guidelines/Key Management (view source)
Revision as of 21:03, 23 October 2014
, 23 October 2014→Handling
No edit summary |
|||
| Line 79: | Line 79: | ||
= Handling = | = Handling = | ||
== X509 Certificates and Keys== | |||
== SSH == | == SSH == | ||
=== Generation === | |||
<source code="bash"> | |||
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz" | |||
$ ssh-keygen -t ecdsa -b 384 -f ~/.ssh/id_rsa_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz" | |||
</source> | |||
=== Protection === | |||
==== User Key ==== | |||
==== Machine Key ==== | |||
When SSH keys are necessary for automation between systems, it is reasonable to use passphrase-less keys. | |||
* The recommended settings are identical to the user keys. | |||
* The keys must be accessible only by the admin user (root) and/or the system user requiring access. | |||
When non-user keys are generated, a copy of their fingerprint and a description of their usage should be recorded in your team's inventory (e.g. a wiki page, Mozilla inventory, etc.) | |||
== PGP/GnuPG == | == PGP/GnuPG == | ||
= Definitions = | = Definitions = | ||
== Bits of security == | == Bits of security == | ||