summaryrefslogtreecommitdiff
path: root/markdown/AlphaSealedBags.md
diff options
context:
space:
mode:
Diffstat (limited to 'markdown/AlphaSealedBags.md')
-rw-r--r--markdown/AlphaSealedBags.md62
1 files changed, 62 insertions, 0 deletions
diff --git a/markdown/AlphaSealedBags.md b/markdown/AlphaSealedBags.md
new file mode 100644
index 0000000..e99dbca
--- /dev/null
+++ b/markdown/AlphaSealedBags.md
@@ -0,0 +1,62 @@
+
+## Chain of custody
+
+At present, we can't make any statements at all about the integrity of the hardware before it reached us - assembled and ready.
+
+We test and program the Alphas using a dedicated computer, but not in a secure facility by any means.
+A concerned user is advised to reprogram the firmware with binaries built from source.
+
+To provide some assurance the devices have not been tampered with after they have been programmed we put them in sealed bags with individual serial numbers.
+
+As the model of bags might change over time, we will publish photos of the bags used here as well as PGP signed statements for what serial numbers can be expected.
+At this time, we do not keep records of which exact unit was sent to whom.
+
+
+
+This is a picture of the currently used bags:
+
+[[Image(Alpha_tamper_bag_2016-12-16.png, 640px)]]
+
+
+
+```
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+At 2016-12-16, I put Cryptech Alpha units into sealed bags with the
+following serial numbers:
+
+ 26 0 027 233 507
+ 26 0 027 233 508
+ 26 0 027 233 509
+ 26 0 027 233 510
+ 26 0 027 233 511
+ 26 0 027 233 512
+ 26 0 027 233 513
+ 26 0 027 233 514
+ 26 0 027 233 515
+ 26 0 027 233 516
+ 26 0 027 233 517
+ 26 0 027 233 518
+ 26 0 027 233 519
+ 26 0 027 233 520
+ 26 0 027 233 521
+ 26 0 027 233 522
+ 26 0 027 233 523
+ 26 0 027 233 524
+ 26 0 027 233 525
+ 26 0 027 233 526
+
+/Fredrik
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQEcBAEBCgAGBQJYU/MVAAoJEBmMGv1QUVLd+2gH/jLZ7aUGlZ+Iwj6b746Hh6u1
+2JAZ+2tk5tRooTwNb4A5P3ewRcbjA0jPJQQlpVqZcxdt0DDjS16AR0LEaH2rWL++
+sj/OtBm5rqAmVcf1NNvzpC8f8WWgRYhx4nNhWKnEcTBQXT9NbFQhQY0WH3ebupnn
+8PK0mX8PpfsjM/3vxtVVLmi+vBsxv0hBcdl+t4IPw/UbzozicF6jZpxRXxVujTE6
+WLGXaCnySS4T1zgtpewfgVMOMouGScUw5n2yHRZJpissGUVJtuPrOEmNFvDz7LRD
+i00Rc4i2emsKTgKrkMIKyQWSqFIQ1nBUQ5B5ES1Q50432cppbyEW2rJJZjAuxgM=
+=s2D5
+-----END PGP SIGNATURE-----
+```