What Can Be Done With Stolen Private Keys?
In the unlikely event of a private key compromise, the effects differ depending on which keys were stolen, who performed the theft, and what their motivation is.
A user''s private key theft could occur if the user''s PC was stolen or was used by someone else. Although some form of an electronic wallet will store the keys and certificates and are usually protected by a password, if a correct guess does open the e-wallet, the thief instantly assumes the identity of the authorized keyholder. If the theft is not reported, message and transaction recipients are left with no other choice than to believe that they were performed in earnest. At certificate-issuance time, users must be made aware of these consequences when they agree to the Use Policies before accepting their certificates.
Theft of a CA private key is a whole other matter. With the proper systems, a CA key thief could establish himself as a CA, ready to issue certificates. These forged certificates would be undetectable as forgeries and could be used without question.
IE 7
Firefox 2.0
