[Cryptography] [FORGED] Re: HSM's to be required for Code Signing Certificates

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jan 31 06:20:54 EST 2017


Salz, Rich <rsalz at akamai.com> writes:

>The HSM's used in the SET key-signing included in every reply, an operation
>count, and a digest of the input parameters. It was custom code embedded in
>the HSM by CertCo.  I have one as a souvenir.  I wish all HSM's did that.

Fortezza cards did this too, they had both a monotonic counter and a real-time
clock in the device.  The way it worked was that the untrusted host could read
out the time and counter value from the secure device to the untrusted host
and then bind it into the signature they told they secure device to create.

This is why I refer to some HSMs as crypto yes-boxes...

Peter.


More information about the cryptography mailing list