[Cryptech Tech] Working memory on HSM for decrypted private key components?
Russ Housley
housley at vigilsec.com
Tue Dec 15 16:08:32 UTC 2015
Basil:
>> At the moment, what I have is software and conventional memory, and
>> unless somebody tells me otherwise, I assume that's what we're to be
>> using for the bridge board implementation. Are we expecting to do
>> better than this on the Alpha board?
>
> Cannot exactly say on which stage of the project, but the proper handling of private keys have to be arranged to consider system fully functional. This means, in particular, ensuring that during software execution should be no place (in memory or registers) where private key as a whole will be stored even for some time.
Nice idea, but my experience is that it does not work out so simply. The function to wrap a private key for backup needs to whole plaintext key. You can wipe the buffer as soon as practical, but there is a small period of time where the whole thing is in memory or registers.
Russ
More information about the Tech
mailing list