[Cryptography] [FORGED] Re: HSM's to be required for Code Signing Certificates

Dirk-Willem van Gulik dirkx at webweaving.org
Tue Jan 31 09:40:32 EST 2017


> On 31 Jan 2017, at 12:20, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> 
> Salz, Rich <rsalz at akamai.com> writes:
> 
>> The HSMs used in the SET key-signing included in every reply an operation
>> count and a digest of the input parameters. It was custom code embedded in
>> the HSM by CertCo. I have one as a souvenir. I wish all HSMs did that.
> 
> Fortezza cards did this too, they had both a monotonic counter and a real-time
> clock in the device.  The way it worked was that the untrusted host could read
> out the time and counter value from the secure device to the untrusted host
> and then bind it into the signature they told the secure device to create.
> 
> This is why I refer to some HSMs as crypto yes-boxes…

In this context - code signing - why would that be wrong?

If you have the common situation that some sort of governance process sees a piece of code ultimately declared fit for distribution; and this is tied to a release manager (or a cabal thereof) — why would it be inappropriate for an HSM to simply be the yes man?

I.e. sign the executable hash if the release manager requests it to do so - with only a modicum of counting or audit to keep everyone honest and to detect something ‘extra’ signed within days or weeks.

As in the code signing case - it is the fact that you do not want the signing key to sit on every developer's laptop; the threats w.r.t. the binary are often tackled elsewhere/are not part of what an HSM can really help with.

Or am I missing something?

Dw
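The two ideas in this exchange, a device that binds a monotonic counter and its own clock into every signature (the SET/Fortezza behaviour Rich and Peter describe) and the "modicum of counting or audit" that lets a yes-box HSM still catch something extra being signed, can be shown together in a small model. The code below is an added illustration written for this page, not code from the thread or from any product mentioned in it. It assumes a toy device whose signature is an HMAC over a canonical record (standing in for the asymmetric signature a real HSM would produce), a requester label supplied by the host, and a constructed release ledger kept by the release managers; all names and sample digests are constructed.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key. In a real HSM the signing key never leaves the device.
DEVICE_KEY = b"constructed-demo-key"


class SigningDevice:
    """Toy model of a counting signer. Every signature covers a monotonic
    counter, the device clock and the digest it was asked to sign, so a host
    cannot obtain a signature that the device's own record does not reflect."""

    def __init__(self, key: bytes, clock=time.time):
        self._key = key
        self._counter = 0
        self._clock = clock
        self.log = []  # device-side record; tamper-evident in a real device

    @property
    def counter(self) -> int:
        return self._counter

    def sign(self, code_digest: bytes, requester: str) -> dict:
        """Sign on request, binding counter and time into the signed record."""
        self._counter += 1
        record = {
            "counter": self._counter,
            "time": int(self._clock()),
            "requester": requester,
            "code_digest": code_digest.hex(),
        }
        self.log.append(record)
        return {**record, "sig": self._tag(record)}

    def verify(self, signed: dict) -> bool:
        """Any change to counter, time, requester or digest invalidates the tag."""
        record = {k: v for k, v in signed.items() if k != "sig"}
        return hmac.compare_digest(self._tag(record), signed.get("sig", ""))

    def _tag(self, record: dict) -> str:
        # HMAC over a canonical encoding stands in for the asymmetric signature
        # a real device would produce (an assumption of this example).
        canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, canon, hashlib.sha256).hexdigest()


def audit(device_counter: int, exported_log: list, release_ledger: list) -> dict:
    """Reconcile the device's exported log against the release managers'
    ledger of approved digests: report signatures the ledger does not cover,
    approved releases never signed, and counter values missing from the log."""
    approved = {d.hex() for d in release_ledger}
    signed = {r["code_digest"] for r in exported_log}
    seen = {r["counter"] for r in exported_log}
    return {
        "unapproved": [r for r in exported_log if r["code_digest"] not in approved],
        "never_signed": sorted(approved - signed),
        "counter_gaps": [n for n in range(1, device_counter + 1) if n not in seen],
        "device_count": device_counter,
        "ledger_count": len(release_ledger),
    }


def run_example() -> dict:
    """Two approved builds, two unrequested signatures, one log entry dropped."""
    dev = SigningDevice(DEVICE_KEY, clock=lambda: 1485873632)  # fixed clock
    approved_a = hashlib.sha256(b"constructed build 1.0.0").digest()
    approved_b = hashlib.sha256(b"constructed build 1.0.1").digest()
    extra_1 = hashlib.sha256(b"constructed unapproved build 1").digest()
    extra_2 = hashlib.sha256(b"constructed unapproved build 2").digest()
    requests = (approved_a, extra_1, approved_b, extra_2)
    sigs = [dev.sign(d, "release-manager") for d in requests]
    # The host exports the log, but the fourth entry has gone missing; the
    # device counter still says four signatures were made.
    exported = [r for r in dev.log if r["counter"] != 4]
    report = audit(dev.counter, exported, [approved_a, approved_b])
    report["all_verify"] = all(dev.verify(s) for s in sigs)
    report["tampered_verifies"] = dev.verify(dict(sigs[0], counter=42))
    return report


if __name__ == "__main__":
    print(json.dumps(run_example(), indent=2))
```

The audit needs nothing cleverer than a set difference and a range check: a digest the device signed that the ledger never approved, and a counter value that the exported log cannot account for, are both visible within one reconciliation cycle, which is the "days or weeks" detection window the message is willing to accept.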

