-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for private key operations based on hardware security devices #299
Comments
I think this is closely related to #286. If rpgp could accept signers and decryptor implementing objects (using standard RustCrypto interfaces) we could potentially plug other projects such as PKCS#11. One tricky bit is that for PGP signing a couple of things from the PGP "public key" (certificate) are needed, e.g. signing key ID, for embedded that in subpackets (which is not available for any generic keys and couldn't be computed from the raw public key only). For decryption, up until now, the certificate of the recipient was also needed due to the flexibility in ECDH design (which allowed to put KDF params in the certificate). This has been fixed in v6 (the ticket was from times when it was called v5) but I guess there are still keys in the wild that use non-optimal/standard combinations. Phew, this is kind of random babbling from my side... I hope that it didn't confuse anyone (too much) 😅 |
I think there might be an opportunity to refactor the internal |
It's definitely inconvenient that calculating the hash digest for an OpenPGP signature requires additional data from the public key packet (that is not available on all HSM devices). However, as I understand it, that's an orthogonal issue to providing a mechanism that allows performing raw signing operation on hardware devices? So I think we have two somewhat separate design tasks:
|
That'd be really nice. On the lowest-level there is no difference if one plugs the RSA keypair from RustCrypto or any other implementing the same traits. Btw, cool to see so much work being done on rpgp! I think I'm not the only one seeing that: https://chaos.social/@kubikpixel/111998260496315248 |
For the low level cryptographic operations, I see one (multifaceted) concern that needs to be addressed somehow: Authorization on the device. In some cases, a password needs to be provided to the device from the host computer, in other cases, a card reader may require pin entry on an external pin pad, or a device may require touch confirmation. It's currently unclear to me if these requirements have any implications for the design we're discussing here. However, doing this "right" would be nice (the missing notification facility for touch confirmation in particular strikes me as an unnecessary papercut in existing OpenPGP card UX) |
Hi folks 👋 I've spent a bit of time and got the card signer to work with rpgp. Lo and behold: https://github.com/wiktor-k/test-rpgp/blob/main/src/bin/sign.rs and... it works with my key! (If you want to try it out note that it signs the A couple of notes:
And that's it! Btw, I started writing the signing code based on this example but only after a while noticed the Edit: I've found the other example which is packet based... so... maybe the first one should be removed, at least from the root doc. 🤔 Edit 2: I've experimented with hardware decryption a bit and it's slightly more involved: wiktor-k@217543f (this is adding additional variant to minimize the amount of changes but it's not my preferred design, see below). The complexity stems from the fact that the top-level One wrinkle is the "ECDH params" which currently come from the packet. We could expose them alongside these two functions or fix them. (Unlock is also called for signing but we could have |
Currently, there is no mechanism to conveniently use hardware cryptographic devices with rpgp. Adding one would be nice.
Potential use cases include:
@wiktor-k has signaled interest in co-thinking about this
The text was updated successfully, but these errors were encountered: