[Cryptography] HSM's to be required for Code Signing Certificates
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jan 27 03:52:00 EST 2017
Natanael <natanael.l at gmail.com> writes:
>Program the HSM to only accept customer requests that are signed by their
>trusted keys, or sent over a trusted channel directly to the HSM. Any
>overrides by the cloud company MUST be logged and audited by an independent
>entity (such as if the customer reports they lost the authentication key).
That's not how HSMs work though. The interface to an HSM, at least for
signing purposes, is "perform a private-key operation on this short byte
string" (a.k.a. "sign this hash"). That's it. Using an HSM merely moves the
key from a potentially attacker-controlled PC to an external crypto box that
does anything the attacker-controlled PC wants. It's perfect for auditing
compliance because you can point to a physical artefact that contains the key,
but only offers a marginal increase in actual security. Recall that e.g. the
Adobe rogue signatures were created using an HSM, which offered at most a
speedbump, if that.
The solution to the problem isn't a FIPS-anything HSM, it's a FIPS-nothing
physical control over when something gets signed, and what gets signed.
Peter.
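The signing interface the post describes, modelled as an added example (not part of the thread, and not any vendor's HSM API): the box accepts a short digest and returns a signature, with no way of knowing what the digest belongs to. The second half models the kind of control the post asks for instead, a gate in front of the signing call that only proceeds when the full artifact and an approval from an independent party are presented. HMAC-SHA256 stands in for the private-key operation, and all artifacts and keys are constructed on the spot; the class and function names are this example's own.

```python
"""Constructed example: an HSM whose whole interface is "sign this digest",
and a policy gate in front of it that controls what gets signed."""
import hashlib
import hmac
import os
from typing import Dict, List


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class ToyHSM:
    """Stand-in for an HSM. The key never leaves the object, but the object
    signs any 32-byte digest it is handed. HMAC-SHA256 models the private-key
    operation; a real HSM would do RSA or ECDSA (constructed example)."""

    def __init__(self) -> None:
        self._key = os.urandom(32)          # never exported
        self.log: List[str] = []            # digests the box was asked to sign

    def sign_digest(self, digest: bytes) -> bytes:
        if len(digest) != 32:
            raise ValueError("expected a 32-byte digest")
        # The box cannot tell a release build from a rogue one: both are 32 bytes.
        self.log.append(digest.hex())
        return hmac.new(self._key, digest, hashlib.sha256).digest()

    def verify(self, digest: bytes, signature: bytes) -> bool:
        expected = hmac.new(self._key, digest, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


class Approver:
    """Independent party on a separate machine who vouches for one specific
    artifact. Its key is distinct from the HSM key (constructed example)."""

    def __init__(self) -> None:
        self._key = os.urandom(32)

    def approve(self, artifact: bytes) -> bytes:
        # Approval is bound to the digest of the whole artifact plus a context
        # string, so a token for one build cannot be replayed for another.
        msg = b"release-approval|" + sha256(artifact)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def check(self, artifact: bytes, token: bytes) -> bool:
        return hmac.compare_digest(self.approve(artifact), token)


class SigningGate:
    """The control in front of the HSM: the only sanctioned path to the signing
    call. It requires the full artifact (not just a digest) together with a
    valid approval token before it hands the digest to the HSM."""

    def __init__(self, hsm: ToyHSM, approver: Approver) -> None:
        self._hsm = hsm
        self._approver = approver
        self.refusals: List[str] = []       # audit trail of rejected requests

    def sign_artifact(self, artifact: bytes, approval: bytes) -> bytes:
        digest = sha256(artifact)
        if not self._approver.check(artifact, approval):
            self.refusals.append(digest.hex())
            raise PermissionError("no valid approval for this artifact")
        return self._hsm.sign_digest(digest)


def demo() -> Dict[str, object]:
    """Run the two paths side by side and report what each one allowed."""
    hsm, approver = ToyHSM(), Approver()
    gate = SigningGate(hsm, approver)
    release = b"installer-v1.0.0 (constructed artifact)"
    rogue = b"artifact the build host was tricked into submitting (constructed)"

    token = approver.approve(release)
    good_sig = gate.sign_artifact(release, token)

    # Replaying the release's approval for a different artifact is refused.
    try:
        gate.sign_artifact(rogue, token)
        refused = False
    except PermissionError:
        refused = True

    # A host that can reach the HSM's own interface gets anything signed:
    # the box has no basis on which to refuse a well-formed digest.
    direct_sig = hsm.sign_digest(sha256(rogue))

    return {
        "good_verifies": hsm.verify(sha256(release), good_sig),
        "gate_refused_rogue": refused,
        "hsm_signed_rogue_directly": hsm.verify(sha256(rogue), direct_sig),
        "hsm_log_entries": len(hsm.log),
        "gate_refusals": len(gate.refusals),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The last line of the demo is the point of the post: the HSM's own log shows two signatures and cannot say which one was legitimate, while the gate's refusal list can. The gate is only worth anything if the direct path to the HSM is closed off in practice, which is a matter of physical and procedural control rather than of the HSM's certification.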