[Cryptography] HSM's to be required for Code Signing Certificates

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jan 27 03:52:00 EST 2017


Natanael <natanael.l at gmail.com> writes:

>Program the HSM to only accept customer requests that are signed by their
>trusted keys, or sent over a trusted channel directly to the HSM. Any
>overrides by the cloud company MUST be logged and audited by an independent
>entity (such as if the customer reports they lost the authentication key).

That's not how HSMs work though.  The interface to an HSM, at least for
signing purposes, is "perform a private-key operation on this short byte
string" (a.k.a. "sign this hash").  That's it.  Using an HSM merely moves the
key from a potentially attacker-controlled PC to an external crypto box that
does anything the attacker-controlled PC wants.  It's perfect for auditing
compliance because you can point to a physical artefact that contains the key,
but only offers a marginal increase in actual security.  Recall that e.g. the
Adobe rogue signatures were created using an HSM, which offered at most a
speedbump, if that.

The solution to the problem isn't a FIPS-anything HSM, it's a FIPS-nothing
physical control over when something gets signed, and what gets signed.

Peter.
