[Cryptography] HSM's to be required for Code Signing Certificates

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Jan 28 01:31:20 EST 2017


Dirk-Willem van Gulik <dirkx at webweaving.org> writes:

>Just about any basic USB crypto stick or smartcard with simple USB reader will
>do; most exceed FIPS104-2 Level 2 and you can buy a handful (for test,
>deployment and production) for less than a 100$ - including a separate PIN
>keyboard if so desired.  

Where can you get a handful of FIPS 140-2 level 2 certified smart card/HSMs
with Microsoft-signed CSPs (or PKCS #11 drivers) for Authenticode use for
under $100?  Things must have improved radically in the last year or two if a
range of such devices are now readily available.  The raw hardware is
available if you're prepared to jump through a lot of hoops (e.g. the Gemalto
IDPrime MD meets the requirements, but then you need to deal with minimum
order quantities, find a reader to go with them, deal with finicky and often
nonfunctional drivers, etc).  You're not really sold an Authenticode signing
solution but a bunch of nuts and bolts and parts that you have to assemble and
get working yourself... when your job is to build video capture cards for TV
stations or pumping station controllers, not to fiddle with crypto meccano
sets.

>Heck - most laptops (though the macbooks have lost them) these days come with
>a ‘free’ TPM chip certified.

The very, very few TPMs that I know of that are FIPS 140-2 certified are level
1, no higher (again, E&OE, someone may have got one certified to level 2 or 3
in the last year or two, although I can't see why anyone would bother).  In
addition TPMs are singularly unsuited for general-purpose crypto use, they're
fine for attestation and Bitlocker key storage, but that's about it.

(I know that there are TPMs that are advertised with all sorts of hypothetical
additional capabilities because they're just repurposed smart cards, but try
finding a CSP or PKCS #11 driver that allows them to be used as a general HSM
for Authenticode signing).

>The real issue is here— on the config & software management; the finicky
>scripts and the time&labour waste this drives. But that is a chicken and egg
>problem and getting better.

I've been working with PKCS #11 devices for around twenty years, and haven't
seen any sign of things getting better.  They've been more or less stagnant
for the last twenty years.

This, meaning Microsoft's requirements, also ignores another problem, the long
tail of small dev shops who don't have the resources to engage in any of these
shenanigans.  It's fine if you're Adobe (although it didn't help them in any
case), Oracle, Google, SAP, and so on, but there's a vast number of SME/SMB
devs who don't have the time or resources to deal with this.  Which means that
they're now required to store their keys in the cloud, since that's the only
other option that the requirements give them.

Stepping back a bit, you can see just how much this is security by press
release/rounding up twice the usual number of suspects.  We have fifteen years
of data on how people attack Authenticode, they either shop around CAs until
they find one who'll take their money, or they break into an Authenticode key-
holder's system and use their key.  There are no recorded cases, ever, of
someone physically breaking into the target premises, decapping their HSM, and
extracting the key using microprobing or equivalent, the thing that the level
1 vs. level 2 step is aimed at protecting against.  In terms of actual
attacks, there's no difference between an HSM at FIPS level 0, 1, 2, 3, or
6.022e23.  It's just rounding up twice the usual FIPS level of suspects and
issuing a press release to say you've done it.

Peter.