[Cryptech Tech] Key generation and storage
Rob Austein
sra at hactrn.net
Fri Jan 30 01:04:02 UTC 2015
At Wed, 28 Jan 2015 09:00:36 -0500, Rob Austein wrote:
>At Wed, 28 Jan 2015 14:25:36 +0100, Jakob Schlyter wrote:
>>
>> 1. Key Generation
>>
>> Question: Are keys generated by ARM or FPGA?
>>
>> - Key generation in FPGA requires minor CPU core.
>> - Key generation in ARM can use cryptlib.
>>
>> Recommendation: In order to contain and protect the key generation process, perform all key generation in the FPGA.
>
> I thought the ARM in question was inside the tamper boundary.

Having heard no response, I thought perhaps I should expand a bit on
this question.

a) In case it wasn't clear, I was assuming that key generation on the
   ARM was in software, e.g., cryptlib, not in some spooky hardware
   thing on the ARM.

b) As far as I know, we are not planning any sort of security barrier
   between the FPGA (blue) and ARM (green). Both are inside the
   tamper boundary. Adding a security barrier on that interface
   looks like a slippery slope to me.

So, again: what's the problem we're trying to solve by moving key
generation onto the FPGA?