The system must use asymmetric cryptography with separate keys for encryption and signatures.
OWASP-ASVS v4.0.1 V1.6 Cryptographic Architectural Requirements (1.6.1): Verify that there is an explicit policy for management of cryptographic keys and that a cryptographic key lifecycle follows a key management standard such as NIST SP 800-57.
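
An added example (not part of the original requirement text) of key separation in Go: the hypothetical `KeySet` type holds an Ed25519 pair used only for signatures and an RSA pair used only for OAEP encryption, so the encryption pair can be rotated without invalidating existing signatures. The algorithm choices and all names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type KeySet struct { // hypothetical type: one independent key pair per purpose
	pub  ed25519.PublicKey  // verifies signatures
	sign ed25519.PrivateKey // signatures only, never used to decrypt
	enc  *rsa.PrivateKey    // encryption only, never used to sign
}

func NewKeySet() (*KeySet, error) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, fmt.Errorf("signing key: %w", err)
	}
	ks := &KeySet{pub: pk, sign: sk}
	return ks, ks.RotateEncryption()
}

// RotateEncryption replaces the encryption pair; the signing pair is untouched.
func (k *KeySet) RotateEncryption() error {
	ek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err == nil {
		k.enc = ek
	}
	return err
}

func (k *KeySet) Sign(msg []byte) []byte      { return ed25519.Sign(k.sign, msg) }
func (k *KeySet) Verify(msg, sig []byte) bool { return ed25519.Verify(k.pub, msg, sig) }
func (k *KeySet) Encrypt(pt []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &k.enc.PublicKey, pt, nil)
}
func (k *KeySet) Decrypt(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k.enc, ct, nil)
}

func main() {
	ks, err := NewKeySet()
	if err != nil {
		panic(err)
	}
	fmt.Printf("signature: %x\n", ks.Sign([]byte("constructed sample message")))
}
```

After `RotateEncryption`, signatures made earlier still verify, while ciphertext produced for the retired encryption key no longer decrypts.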