[Cryptech Tech] Sketch of a secure channel between client and HSM
Rob Austein
sra at hactrn.net
Thu Jul 27 19:07:59 UTC 2017
Old work item which we kept putting off for later. Still not there
(missing a few bits of C and Verilog we'd want to do this), but to get
some of what I've been thinking written down where others can review,
I've posted:
https://wiki.cryptech.is/wiki/SecureChannel
Comments welcome.
Apologies to readers who don't have access to the referenced texts,
particularly Cryptography Engineering. Their "Secure Channel"
protocol is a nice simple thing using the obvious algorithms (AES and
SHA-2-HMAC), in this particular case I do mostly trust the authors to
have gotten the protocol details right.
I'm sure that someone will quibble with XDR, for now take it as read
that we're already using XDR and I see no need to change that here.
More information about the Tech
mailing list