[Cryptech Core] Automatic key zeroisation of keys in keywrap

Joachim Strömbergson joachim at assured.se
Fri Dec 7 15:01:22 UTC 2018


Aloha!

On 2018-12-07 15:59, Peter Stuge wrote:
> Joachim Strömbergson wrote:
>> The question is then what a proper lower bound is? Reset back to timeout
>> is the easiest since it doesn't add another magic number. But would that
>> be ok?
> 
> I think that's OK.

Cool.


> Is it easy to also add an explicit wipe, for when SW knows that a key
> is no longer needed?

Not hard at all. Simply add a new control bit and, when it is pulled,
automatically trigger the current zeroisation operation. Good idea. Thanks!

-- 
Med vänlig hälsning, Yours

Joachim Strömbergson
========================================================================
                               Assured AB
========================================================================
