[Cryptech Tech] Restricting FPGA signing

Jakob Schlyter jakob at kirei.se
Wed Jan 28 14:49:25 UTC 2015


To be able to implement "content inspection" of data to be signed, Joachim and I talked about having the FPGA hasher/signer work in two different modes:

- Permissive mode: FPGA happily signs anything the ARM feeds it
- Restricted mode: FPGA signs only hashes for data previously consumed

This way the content inspection can be implemented in the ARM only (once the FPGA is set to restricted mode). If data is passed to the FPGA for hashing, it may also (at some later point depending on what PKCS#11 mechs are used) sign it (but the ARM doesn't need to care about that).

WDYT?

	jakob



More information about the Tech mailing list