secure key storage APIs

Travis H. solinym at gmail.com
Thu Sep 7 20:52:06 EDT 2006


Hey,

Does anyone know of any OSS OS facilities for managing keys?

With ssh-agent and gpg-agent providing access to key storage
by inherited processes, and the keys themselves being vulnerable
as stored on-disk, I wonder if there isn't any more general facility
for doing key management and access control, and I was wondering
if there were any useful papers on this kind of facility.

As I see it, there are a couple of separate issues:

1) Persistent key storage; how does it look on-disk?  Obviously
we will want confidentiality, and probably have integrity.   But
what kind of algorithm do we use?  When designing key storage
for a given system, one can usually use that system to access
the persistent form.  This has the neat property that a break
in the storage security would imply that the given system itself
could have been broken, so no harm done; the "attack surface"
is not increased by the key store subsystem.

2) Non-persistent key store; there are data remanence issues
with DRAM and other supposedly non-persistent storage.  I
have heard a story about a homebrew computer that stored
the "clean shutdown" or "dirty" bit in the same memory location,
and after a reboot it would read this location to decide if it
needed to check the disks.  Apparently it stayed "dirty" so
long the value was burned-in.  Maybe not a big deal for
key store in a complex environment, but would be really
important in embedded devices with fairly static memory
layouts, e.g. VPN concentrators.  Solve by secret-sharing
between two locations, or by inverting every bit periodically.

3) Access control policy; who should get access to the keys?

4) OS support; should keys be stored as immutable quantities,
like a process's real UID value?  If so, can they be transferred,
and under what conditions?  Can they be inherited?

Any considerations that I'm missing?
-- 
"If you're not part of the solution, you're part of the precipitate."
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
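
An added example, not part of the original post: point 2's two mitigations for memory burn-in, sketched in C. The key is held as two XOR shares, and one refresh routine covers both "invert every bit" (all-0xFF mask) and re-sharing (random mask). The names `split_key`, `sk_store`, `sk_refresh`, `sk_load`, `wipe` and `os_random` are hypothetical, and `/dev/urandom` is assumed as the random source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_LEN 16

/* Assumed layout: at rest the key exists only as a XOR b, in two buffers. */
struct split_key { uint8_t a[KEY_LEN], b[KEY_LEN]; };

/* Fill buf from /dev/urandom (assumed available); 0 on success, -1 on failure. */
static int os_random(uint8_t *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n = f ? fread(buf, 1, len, f) : 0;
    if (f) fclose(f);
    return n == len ? 0 : -1;
}

/* Split the key: share a is random, share b = key ^ a. */
static int sk_store(struct split_key *sk, const uint8_t *key) {
    if (os_random(sk->a, KEY_LEN) != 0) return -1;
    for (size_t i = 0; i < KEY_LEN; i++) sk->b[i] = key[i] ^ sk->a[i];
    return 0;
}

/* XOR one mask into both shares: masked bits flip in both cells, a ^ b stays
 * the same. All-0xFF mask = periodic inversion; fresh random mask = re-share. */
static void sk_refresh(struct split_key *sk, const uint8_t *mask) {
    for (size_t i = 0; i < KEY_LEN; i++) { sk->a[i] ^= mask[i]; sk->b[i] ^= mask[i]; }
}

/* Recombine into a caller buffer that is wiped right after use. */
static void sk_load(const struct split_key *sk, uint8_t *out) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = sk->a[i] ^ sk->b[i];
}

/* Zero through a volatile pointer so the compiler keeps the stores. */
static void wipe(volatile uint8_t *p, size_t len) { while (len--) *p++ = 0; }

int main(void) {
    const uint8_t key[KEY_LEN] = "constructed-key"; /* constructed sample */
    uint8_t mask[KEY_LEN], out[KEY_LEN];
    struct split_key sk;
    if (sk_store(&sk, key) || os_random(mask, KEY_LEN)) return 1;
    sk_refresh(&sk, mask);          /* in a device: run from a periodic timer */
    sk_load(&sk, out);
    int ok = memcmp(out, key, KEY_LEN) == 0;
    wipe(out, sizeof out);
    return ok ? 0 : 1;
}
```

With the all-0xFF mask every cell spends equal time in each state; with a random mask the stored values are also unrelated from one period to the next.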


