I'm about to implement my own Certification Authority (CA) for interal use only.
Now there is a problem, that the CA private should never ever be exploited. So right now the private key is encrypted.
What else could be done to enhance the security of the private key?
Best Answer
I worked at a company where the security of the CA key was critical to the continued success of the business. To this end the key was encrypted using a custom protocol that required at least 2 people to be present with physical tokens plugged into terminals to decrypt it(there were at least 5 of these tokens, any 2 combined would work). The terminals were physically separated from the actual machine with the CA key. The interface that the users had who decrypted it was a VT220 terminal that allowed them to input the decryption tokens and then select what they wanted to 'sign' with the key (never giving them access to the decrypted key). This system meant at least 4 people would have to work together to compromise the key, two token holders, the guy who had access to the data center, and another person who had root access on the server (because the decrypted key was never stored on the server only in memory you couldn't just steal the box, and the people with root to this specific server were not allowed DC access).
If you are interested in more details on this sort of setup Bruce Schneier has a great site covering computer security design and implementation:
http://www.schneier.com/
He has also published a really good book Applied Cryptography that I found helped me understand the fundamentals of systems like this and how to architect more secure infrastructures (readable by people who don't wear pocket protectors):
http://www.schneier.com/book-applied.html