Introducing Domain-Specific Keys to Discourage Key Reuse

2025-02-27 · Ryan X. Charles

Some users unwittingly reuse the same key pair across multiple domains. This is a poor security practice, especially if each domain is owned by a different company. A simple solution to this is to attach keys to a given domain name. I call these “domain-specific keys” or just “domain keys” for short.

A typical key pair looks like this:

  • Public Key: ebxpubee688df5sCqC82RaLPhfdY3fe…
  • Private Key: ebxprv34cab066J6nGPNYhtXkbQ2Cmo…

Because EarthBucks uses a custom key format, which I reuse on Identellica and, soon, all of my other apps, some users have used their keys from earthbucks.com on identellica.com. There is no actual problem with this at this time because both apps manage the keys client-side, and so the server is never exposed to them. However, it is poor practice to reuse keys across domains in case you ever give your key to a malicious server.

To discourage users from reusing keys across domains, I have added a prefix to the string format of each key, which is simply the domain name and a colon, like this:

  • Public Key: earthbucks.com:ebxpubee688df5sCqC8…
  • Private Key: earthbucks.com:ebxprv34cab066J6nGP…

Apps hosted at alternate domains will have an alternate prefix and therefore an incompatible key format. Of course, a user could simply change the prefix to reuse the key, but that would require the intent to reuse a key, which probably no one will do. The domain name is a very strong visual nudge not to use the same key on a different domain. A key should only be used on the domain whose name is visually present in the key.
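To make the check concrete, here is an added example (not code from the EarthBucks repo) that parses the "domain:key" string format described above and accepts a key only when its prefix matches the domain the app is served from. It assumes the key body starts with "ebxpub" or "ebxprv" as in the samples above; the function names are my own.

```typescript
// Added example, not EarthBucks code: parse a domain-specific key and refuse it
// unless its domain prefix matches the app's own domain.
// Assumed format (from the post): "<domain>:<key>", where the key body starts
// with "ebxpub" (public key) or "ebxprv" (private key).

type KeyKind = "pub" | "prv";

interface DomainKey {
  domain: string; // normalised to lower case, e.g. "earthbucks.com"
  kind: KeyKind;
  body: string;   // the bare key string after the colon
}

type ParseResult = { ok: true; key: DomainKey } | { ok: false; reason: string };

// Simple hostname shape check: dot-separated labels of letters, digits, hyphens.
const HOSTNAME_RE = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/;

function parseDomainKey(input: string): ParseResult {
  const s = input.trim();
  const idx = s.indexOf(":");
  if (idx <= 0) return { ok: false, reason: "missing domain prefix" };
  const domain = s.slice(0, idx).toLowerCase();
  const body = s.slice(idx + 1);
  if (!HOSTNAME_RE.test(domain)) return { ok: false, reason: `bad domain "${domain}"` };
  let kind: KeyKind;
  if (body.startsWith("ebxpub")) kind = "pub";
  else if (body.startsWith("ebxprv")) kind = "prv";
  else return { ok: false, reason: "unrecognised key body" };
  return { ok: true, key: { domain, kind, body } };
}

// Accept a key only if its prefix matches the domain the app is served from
// and it is the kind of key this code path expects (e.g. a private key at login).
function acceptKeyFor(input: string, appDomain: string, want: KeyKind): ParseResult {
  const r = parseDomainKey(input);
  if (!r.ok) return r;
  if (r.key.domain !== appDomain.toLowerCase())
    return { ok: false, reason: `key is for ${r.key.domain}, not ${appDomain}` };
  if (r.key.kind !== want)
    return { ok: false, reason: `expected a ${want} key, got ${r.key.kind}` };
  return r;
}

// Rebuild the display form, domain first so the visible part carries the nudge.
function formatDomainKey(k: DomainKey): string {
  return `${k.domain}:${k.body}`;
}
```

A bare key without a prefix is rejected outright, so an old-format key cannot slip through unnoticed.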

In case you’re wondering, the reason it is a prefix, like a protocol, instead of a postfix, like an email address, is that the keys are long, and a text box typically only shows the first part of the key. The domain name is the most important part of the key for visual identification, so it should be shown first.

As of today, I have launched support for domain-specific keys on EarthBucks and Identellica. You do not have to do anything if you already have an account on both of these platforms, even if you have reused the same key. There is no actual security issue with reusing the same key on both platforms at this time, but domain-specific keys will encourage best practices for key management for all users on all domains going forward. The open-source repo has also been updated with an implementation of domain keys.
