The git repository is configured to generate the web content from the\nMarkdown automatically upon receiving a \u2026<\/p>","content":"
The Trac Wiki that used to hold this site has been converted to a\nwiki-like setup using git, Markdown, Pelican, and m.css.<\/p>\n
- \n
- git repository behind this Wiki<\/a>.<\/li>\n
- Pelican documentation<\/a>.<\/li>\n
- m.css documentation<\/a>.<\/li>\n<\/ul>\n
The git repository is configured to generate the web content from the\nMarkdown automatically upon receiving a
git push<\/code>. <\/p>\nlinkchecker<\/a> may also be\nuseful in validating the generated content.<\/p>","category":{"@attributes":{"term":"misc"}}},{"title":"External Project Tor HSM","link":{"@attributes":{"href":"https:\/\/wiki.cryptech.is\/ExternalProjectsTorHSM","rel":"alternate"}},"published":"2018-09-17T10:26:00+00:00","updated":"2018-10-01T14:38:00+00:00","author":{"name":"Linus Nordberg"},"id":"tag:wiki.cryptech.is,2018-09-17:\/ExternalProjectsTorHSM","summary":"
Problem<\/h2>\n
The Tor network<\/a> is defined by a small number, about ten, of special relays called Directory Authorities (DAs).<\/p>\n
Directory Authorities sign the critical
status votes<\/code> andconsensus status<\/code> documents using SHA-1 and SHA-256 together with RSA-2048 or RSA-3072 once per hour, using medium-term on-lineauthority signing keys<\/code> signed by \u2026<\/p>","content":"Problem<\/h2>\n
The Tor network<\/a> is defined by a small number, about ten, of special relays called Directory Authorities (DAs).<\/p>\n
Directory Authorities sign the critical
status votes<\/code> andconsensus status<\/code> documents using SHA-1 and SHA-256 together with RSA-2048 or RSA-3072 once per hour, using medium-term on-lineauthority signing keys<\/code> signed by their individual off-line long-termauthority identity keys<\/code>. Authority signing keys typically have a lifetime of three to twelve months.<\/p>\nAuthority signing keys are currently kept on the same general purpose computer that runs the Directory Authority and are thus subject to a large number of network threats.<\/p>\n
Proposed solution<\/h2>\n
Move
authority signing keys<\/code> away from the general purpose computer onto an external device which can sign the consensus document without exposing key material to the networked computer system.<\/p>\nThe CrypTech project has created an open source (BSD licensed)
Alpha<\/code> hardware which would be especially suitable, because the open software and hardware offers unprecedented transparency while also enabling a simple, efficient and legacy-free solution.<\/p>\nCurrent typical key roll-over procedure<\/h3>\n
- \n
- Generate new
authority signing key<\/code> on offline system<\/li>\n- Sign new key using
authority identity key<\/code> on offline system<\/li>\n- Save new
authority signing key<\/code> andkey certificate<\/code> on USB stick<\/li>\n- Transfer new
authority signing key<\/code> andkey certificate<\/code> to DA system via network<\/li>\n<\/ul>\nThe key roll-over procedure becomes<\/h3>\n
- \n
- Use administrative tool from this project on DA system to generate new
authority signing key<\/code> on HSM- \n
- The new
authority signing key<\/code> initially remains inactive and unavailable for use<\/li>\n- The public part of new
authority signing key<\/code> is exported from HSM onto the DA system<\/li>\n<\/ul>\n<\/li>\n- Transfer new public part of
authority signing key<\/code> to USB stick<\/li>\n- Sign new public key using
authority identity key<\/code> on offline system<\/li>\n- Save
key certificate<\/code> on USB stick<\/li>\n- Transfer
key certificate<\/code> to DA system via network and make available to DA<\/li>\n- (Optional?) Use administrative tool from this project on DA to present
key certificate<\/code> to HSM<\/li>\n- Activate key (automatic on verified
key certificate<\/code>, manual withoutkey certificate<\/code> verification)<\/li>\n<\/ul>\nMilestones<\/h2>\n
The minimum viable product (MVP) at MS3 is a system where the authority signing key is no longer accessible by the DA system while not making any part of the process worse from a security perspective.<\/p>\n
The system at MS6 (to MS8) does not make any part of the process worse from a \/\/usability\/\/ perspective (subjective) and also adds rate limiting.<\/p>\n
MS1 -- PoC using OpenSSL
PKCS#11<\/code> engine<\/h3>\n- \n
- tor using openssl p11 engine; no key management or rate-limiting<\/li>\n
- useful for test and verification<\/li>\n<\/ul>\n
MS2 -- Using CrypTech RPC instead of OpenSSL<\/h3>\n
- \n
- function declarations in
sw\/libhal\/hal.h<\/code>, definitions insw\/libhal\/rpc_*.c<\/code><\/li>\n- TODO: daemon<\/li>\n<\/ul>\n
MS3 (MVP) -- HSM configuration I<\/h3>\n
- \n
- \"HSM configuration\" is aka \"key management\"<\/li>\n
- administrator connected to MGMT can make HSM
- \n
- generate a MK based on passphrase<\/li>\n
- print public part of MK<\/li>\n<\/ul>\n<\/li>\n
- administrator connected to USER can make HSM
- \n
- generate a new authority signing key pair, wrap the secret part in MK, store both parts in flash memory and export the public part<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
MS4 -- HSM configuration II<\/h3>\n
- \n
- rate limiting<\/li>\n
- enforcing key validity<\/li>\n<\/ul>\n
MS5 -- Enforcing key validity HSM side<\/h3>\n
MS6 -- Rate limiting of signatures<\/h3>\n
MS7 -- New Shiny Crypto Hardware API using CrypTech RPC<\/h3>\n
MS8 -- Getting entropy from HSM<\/h3>\n
MS9 -- Support for more protocols in New Shiny Crypto Hardware API<\/h3>\n
References<\/h2>\n
- \n
- Tor directory protocol, version 3<\/a><\/li>\n
- CrypTech Alpha system<\/a><\/li>\n<\/ul>","category":{"@attributes":{"term":"misc"}}},{"title":"External Projects","link":{"@attributes":{"href":"https:\/\/wiki.cryptech.is\/ExternalProjects","rel":"alternate"}},"published":"2018-09-17T10:12:00+00:00","updated":"2018-09-17T10:27:00+00:00","author":{"name":"Cryptech Core Team"},"id":"tag:wiki.cryptech.is,2018-09-17:\/ExternalProjects","content":"
External projects using CrypTech<\/a> technology.<\/p>\n
- \n
- TorHSM<\/a><\/li>\n<\/ul>","category":{"@attributes":{"term":"misc"}}},{"title":"Project Status Dashboard","link":{"@attributes":{"href":"https:\/\/wiki.cryptech.is\/Dashboard","rel":"alternate"}},"published":"2016-12-15T22:44:00+00:00","updated":"2016-12-15T22:44:00+00:00","author":{"name":"Cryptech Core Team"},"id":"tag:wiki.cryptech.is,2016-12-15:\/Dashboard","summary":"
Product Component Requirements<\/h2>\n
- CrypTech Alpha system<\/a><\/li>\n<\/ul>","category":{"@attributes":{"term":"misc"}}},{"title":"External Projects","link":{"@attributes":{"href":"https:\/\/wiki.cryptech.is\/ExternalProjects","rel":"alternate"}},"published":"2018-09-17T10:12:00+00:00","updated":"2018-09-17T10:27:00+00:00","author":{"name":"Cryptech Core Team"},"id":"tag:wiki.cryptech.is,2018-09-17:\/ExternalProjects","content":"
- Tor directory protocol, version 3<\/a><\/li>\n
- generate a new authority signing key pair, wrap the secret part in MK, store both parts in flash memory and export the public part<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
- TODO: daemon<\/li>\n<\/ul>\n
- function declarations in
- The public part of new
- The new
- Sign new key using
- Pelican documentation<\/a>.<\/li>\n
![\"layer-cake.jpg\"](\"https:\/\/wiki.cryptech.is\/OpenCryptoChip\/OpenCryptoChip\/layer-cake.jpg\")
<\/p>\n