[Cryptography] HSM's to be required for Code Signing Certificates
Bill Frantz
frantz at pwpconsult.com
Sat Jan 28 15:44:28 EST 2017
On 1/27/17 at 12:52 AM, pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote:
>The interface to an HSM, at least for
>signing purposes, is "perform a private-key operation on this short byte
>string" (a.k.a. "sign this hash"). That's it.
It seems to me one could build an HSM auditor which passively
monitors the interface to the HSM and records the time of every
signing operation. If the communication between the computer and
the HSM is in the clear, more information could be recorded, but
just the time the signing operations are performed would provide
a useful audit trail.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032
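
An added example, not part of the original message: one way the timestamps from the passive monitor described above could serve as an audit trail, by reconciling them against a log of authorized signing jobs. The release-log format, the 30-second window and all sample values are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: times a passive monitor saw the HSM perform a
# private-key operation (the monitor records only *when*, not *what*).
OBSERVED = [
    "2017-01-27T10:00:04", "2017-01-27T10:00:09",
    "2017-01-27T14:30:02", "2017-01-28T03:12:45",
]

# Constructed release log (assumed format):
# (job id, start of the signing step, number of signatures expected).
AUTHORIZED = [
    ("build-101", "2017-01-27T10:00:00", 2),
    ("build-102", "2017-01-27T14:30:00", 1),
]


def reconcile(observed, authorized, window=timedelta(seconds=30)):
    """Match each observed signing time to an authorized job.

    Returns (unexplained, short): signing times that no job accounts for,
    and jobs that produced fewer signatures than the log says they should.
    """
    times = sorted(datetime.fromisoformat(t) for t in observed)
    jobs = sorted((datetime.fromisoformat(s), job, n) for job, s, n in authorized)
    remaining = {job: n for _, job, n in jobs}
    unexplained = []
    for t in times:
        # Earliest job whose window covers t and still has signatures left.
        for start, job, _ in jobs:
            if start <= t <= start + window and remaining[job] > 0:
                remaining[job] -= 1
                break
        else:
            # Outside every window, or beyond a job's expected count.
            unexplained.append(t.isoformat())
    short = {job: n for job, n in remaining.items() if n > 0}
    return unexplained, short


if __name__ == "__main__":
    unexplained, short = reconcile(OBSERVED, AUTHORIZED)
    print("signing operations with no authorized job:", unexplained)
    print("jobs with fewer signatures than expected:", short)
```

The check assumes the monitor and the build system keep synchronized clocks; the window absorbs small skew.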