[Cryptech Tech] Working memory on HSM for decrypted private key components?
Basil Dolmatov
dol at reedcat.net
Wed Dec 16 09:47:14 UTC 2015
dol@ с iPad
> 15 дек. 2015 г., в 19:08, Russ Housley <housley at vigilsec.com> написал(а):
>
> Basil:
>
>>> At the moment, what I have is software and conventional memory, and
>>> unless somebody tells me otherwise, I assume that's what we're to be
>>> using for the bridge board implementation. Are we expecting to do
>>> better than this on the Alpha board?
>>
>> Cannot exactly say on which stage of the project, but the proper handling of private keys have to be arranged to consider system fully functional. This means, in particular, ensuring that during software execution should be no place (in memory or registers) where private key as a whole will be stored even for some time.
>
> Nice idea, but my experience is that it does not work out so simply. The function to wrap a private key for backup needs to whole plaintext key. You can wipe the buffer as soon as practical, but there is a small period of time where the whole thing is in memory or registers.
I said nothing about "simply". ;)
Wrapping function accepts just some bit sequence, which is not necessarily "whole plaintext key". ;)
> Russ
>
>
More information about the Tech
mailing list