60 files changed, 171 insertions, 155 deletions
diff --git a/content/ASICImplementations.md b/content/ASICImplementations.md index a5ff4a6..7ade8ad 100644 --- a/content/ASICImplementations.md +++ b/content/ASICImplementations.md @@ -1,3 +1,4 @@ +Slug: ASICImplementations Title: Development of a Cryptech ASIC Implementation Date: 2016-12-15 22:44 Category: FutureWork diff --git a/content/AlphaBoard.md b/content/AlphaBoard.md index 828e64e..1027a8f 100644 --- a/content/AlphaBoard.md +++ b/content/AlphaBoard.md @@ -1,3 +1,4 @@ +Slug: AlphaBoard Title: Alpha Board Author: Joachim Strömbergson Date: 2016-12-15 22:39 diff --git a/content/AlphaBoardComponents.md b/content/AlphaBoardComponents.md index b963bb8..1275c6b 100644 --- a/content/AlphaBoardComponents.md +++ b/content/AlphaBoardComponents.md @@ -1,3 +1,4 @@ +Slug: AlphaBoardComponents Title: CrypTech Alpha Board BOM and PCB design requirement sketch Authors: Joachim Strömbergson, Fredrik Thulin Date: 2015-03-09 diff --git a/content/AlphaBoardPictures.md b/content/AlphaBoardPictures.md index 072a704..3cbb191 100644 --- a/content/AlphaBoardPictures.md +++ b/content/AlphaBoardPictures.md @@ -1,3 +1,4 @@ +Slug: AlphaBoardPictures Title: High resolution pictures of the Alpha board Author: Rob Austein Date: 2016-12-15 22:44 diff --git a/content/AlphaBoardStrategy.md b/content/AlphaBoardStrategy.md index ecb8dbb..9d98e3e 100644 --- a/content/AlphaBoardStrategy.md +++ b/content/AlphaBoardStrategy.md @@ -1,3 +1,4 @@ +Slug: AlphaBoardStrategy Title: Alpha Board Strategy Date: 2016-12-15 22:43 Category: AlphaBoard diff --git a/content/AlphaReviewLog.md b/content/AlphaReviewLog.md index fe28367..488629a 100644 --- a/content/AlphaReviewLog.md +++ b/content/AlphaReviewLog.md @@ -1,3 +1,4 @@ +Slug: AlphaReviewLog Title: Review feedback of the Alpha schematics Date: 2016-12-15 22:43 Category: AlphaBoard diff --git a/content/AlphaSchematics.md b/content/AlphaSchematics.md index 5fd9c9f..f3960d5 100644 --- a/content/AlphaSchematics.md +++ b/content/AlphaSchematics.md 
@@ -1,3 +1,4 @@ +Slug: AlphaSchematics Title: Alpha Schematics Date: 2016-12-15 22:39 Category: AlphaBoard diff --git a/content/AlphaSealedBags.md b/content/AlphaSealedBags.md index 091fd86..81a68d8 100644 --- a/content/AlphaSealedBags.md +++ b/content/AlphaSealedBags.md @@ -1,3 +1,4 @@ +Slug: AlphaSealedBags Title: Alpha Sealed Bags Author: Fredrik Thulin Date: 2016-12-16 14:09 diff --git a/content/AssuredTooChain.md b/content/AssuredTooChain.md index 5374cf5..d6b72a6 100644 --- a/content/AssuredTooChain.md +++ b/content/AssuredTooChain.md @@ -1,3 +1,4 @@ +Slug: AssuredTooChain Title: Issues of an Assured Tool-Chain Date: 2016-12-15 22:44 Category: FutureWork diff --git a/content/BerlinWorkshop.md b/content/BerlinWorkshop.md index e77033c..bcfa3fb 100644 --- a/content/BerlinWorkshop.md +++ b/content/BerlinWorkshop.md @@ -1,3 +1,4 @@ +Slug: BerlinWorkshop Title: Cryptech Workshop Agenda, Berlin, 15-16 July 2016 Date: 2016-12-15 22:43 Category: Workshops @@ -17,8 +18,9 @@ Alpha Board cost: if you are an alpha tester and plan to take an alpha board hom ## Draft Agenda ### Friday 15 July +| When | What +| ---- | ---- | 0830 | Coffee -|---| | 0930 | Introductions, setup | 1000 | Presentation of the cryptech alpha device | | - cryptech overview (attachment:2016-07-15-berlin-main.pdf) @@ -36,10 +38,10 @@ Alpha Board cost: if you are an alpha tester and plan to take an alpha board hom | 1530 | Hands-on testing continues | 1700 | Finish day one - ### Saturday 16 July +| When | What +| ---- | ---- | 0900 | Hands-on testing continues -|---| | 1030 | Coffee break | 1100 | Workshop wrap-up | | - outstanding questions 
@@ -47,7 +49,6 @@ Alpha Board cost: if you are an alpha tester and plan to take an alpha board hom | | - opportunity to articulate what participants will need that isn't readily available | 1300 | Finish - ## What you need to bring During the workshop you will have access to the cryptech platform using a PKCS11 interface (reviewing PKCS11 might be a good way to prepare for diff --git a/content/BinaryPackages.md b/content/BinaryPackages.md index 404c60f..c38f782 100644 --- a/content/BinaryPackages.md +++ b/content/BinaryPackages.md @@ -1,10 +1,10 @@ +Slug: BinaryPackages Title: Binary Packages for Cryptech Software and Firmware Author: Rob Austein Date: 2016-12-15 22:44 Modified: 2019-09-03 15:23 Category: Releases - The Cryptech Project maintains APT and Homebrew repositories containing packaged software for the Cryptech Alpha board for Debian and Ubuntu Linux and for Mac OS X. The binary packages also include 
@@ -14,136 +14,95 @@ CPU, and AVR ATtiny828 MCU. ## How to get APT packages for Debian Stretch, Debian Buster, Ubuntu Xenial, or Ubuntu Bionic -* Fetch and validate the repository key. Presumably you're security - concious (otherwise, why are you installing this stuff?), so you may - want to pay attention to what `gpg --check-sig` says here. - - - ``` - $ id=37A8E93F5D7E7B9A - $ wget https://apt.cryptech.is/apt-gpg-key.gpg - $ gpg --recv-key $id - $ gpg --check-sig $id - ``` +* Fetch and validate the repository key. Presumably you're security + concious (otherwise, why are you installing this stuff?), so you may + want to pay attention to what `gpg --check-sig` says here. + id=37A8E93F5D7E7B9A + wget https://apt.cryptech.is/apt-gpg-key.gpg + gpg --recv-key $id + gpg --check-sig $id -* Install the repository key. We used to use `apt-key(8)` for this, - these days the cool kids use the `/etc/apt/trusted.gpg.d/` directory: +* Install the repository key. We used to use `apt-key(8)` for this, + these days the cool kids use the `/etc/apt/trusted.gpg.d/` directory: + sudo chown root:root apt-gpg-key.gpg + sudo mv apt-gpg-key.gpg /etc/apt/trusted.gpg.d/cryptech.gpg - ``` - $ sudo chown root:root apt-gpg-key.gpg - $ sudo mv apt-gpg-key.gpg /etc/apt/trusted.gpg.d/cryptech.gpg - ``` +* Configure apt to use the repository. You need to add a couple of + entries to `/etc/apt/source.list.d/`; which entries you need to add + depends on which distribution you're running. + * For Debian Stretch, do: -* Configure apt to use the repository. You need to add a couple of - entries to `/etc/apt/source.list.d/`; which entries you need to add - depends on which distribution you're running. 
- * For Debian Stretch, do: - ``` - $ sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.stretch.list - ``` - * For Debian Buster, do: - ``` - $ sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.buster.list - ``` - * For Ubuntu Xenial, do: - ``` - $ sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.xenial.list - ``` - * For Ubuntu Bionic, do: - ``` - $ sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.bionic.list - ``` + sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.stretch.list + * For Debian Buster, do: + sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.buster.list + * For Ubuntu Xenial, do: -* Update the package index. + sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.xenial.list + * For Ubuntu Bionic, do: - ``` - $ sudo apt-get update - ``` + sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.bionic.list +* Update the package index. -* Install the `cryptech-alpha` package. + sudo apt-get update +* Install the `cryptech-alpha` package. - ``` - $ sudo apt-get install cryptech-alpha - ``` + sudo apt-get install cryptech-alpha ## Updating APT packages Once you've performed the steps above you should be able to upgrade to newer version of the code using the normal APT upgrade process: -``` -$ sudo apt-get update -$ sudo apt-get upgrade -``` + sudo apt-get update + sudo apt-get upgrade ## How to get Homebrew packages for Mac OS X -* Fetch and validate the repository key. Presumably you're security - concious (otherwise, why are you installing this stuff?), so you may - want to pay attention to what `gpg --check-sig` says here. - - - ``` - $ id=37A8E93F5D7E7B9A - $ gpg --recv-key $id - $ gpg --check-sig $id - ``` - - -* Configure Homebrew to use the repository. 
- - - ``` - $ brew tap cryptech/sw https://brew.cryptech.is/tap - ``` - - -* Update the package index. - +* Fetch and validate the repository key. Presumably you're security + concious (otherwise, why are you installing this stuff?), so you may + want to pay attention to what `gpg --check-sig` says here. - ``` - $ brew update - ``` + id=37A8E93F5D7E7B9A + gpg --recv-key $id + gpg --check-sig $id +* Configure Homebrew to use the repository. -* Check the commit signature on the cryptech-alpha package formula. - This is optional (Homebrew doesn't care whether you do this), but if - you want to know whether the formula was signed by the Cryptech - project, this is how to check. + brew tap cryptech/sw https://brew.cryptech.is/tap +* Update the package index. - ``` - $ brew log --max-count=1 --show-signature cryptech-alpha - ``` + brew update +* Check the commit signature on the cryptech-alpha package formula. + This is optional (Homebrew doesn't care whether you do this), but if + you want to know whether the formula was signed by the Cryptech + project, this is how to check. -* Install the `cryptech-alpha` package. At the moment, this is only - available as a Homebrew source package due to licensing issues in - the MacOS Xcode SDK, so the installation will probably take several - minutes, as some of the libraries are a bit slow to compile (sorry...). + brew log --max-count=1 --show-signature cryptech-alpha +* Install the `cryptech-alpha` package. At the moment, this is only + available as a Homebrew source package due to licensing issues in + the MacOS Xcode SDK, so the installation will probably take several + minutes, as some of the libraries are a bit slow to compile (sorry...). 
- ``` - $ brew install cryptech-alpha - ``` + brew install cryptech-alpha ## Updating Homebrew packages Once you've performed the steps above you should be able to upgrade to newer version of the code using the normal Homebrew upgrade process: -``` -$ brew update -$ brew upgrade -$ brew cleanup -``` + brew update + brew upgrade + brew cleanup diff --git a/content/BuildingFromSource.md b/content/BuildingFromSource.md index 40ea8ee..157d7e6 100644 --- a/content/BuildingFromSource.md +++ b/content/BuildingFromSource.md @@ -1,3 +1,4 @@ +Slug: BuildingFromSource Title: Building Cryptech Software/Firmware/Bitstream From Source Author: Rob Austein Date: 2017-05-13 17:47 diff --git a/content/CoretestHashesC5G.md b/content/CoretestHashesC5G.md index f3843e2..b50c556 100644 --- a/content/CoretestHashesC5G.md +++ b/content/CoretestHashesC5G.md @@ -1,3 +1,4 @@ +Slug: CoretestHashesC5G Title: How to start using coretest_hashes on the TerasIC C5G Board Date: 2016-12-15 22:43 Author: Joachim Strömbergson diff --git a/content/CoretestHashesNovena.md b/content/CoretestHashesNovena.md index 3bf3c90..dc9d734 100644 --- a/content/CoretestHashesNovena.md +++ b/content/CoretestHashesNovena.md @@ -1,3 +1,4 @@ +Slug: CoretestHashesNovena Title: How to start using coretest_hashes on the Novena PVT1 Date: 2016-12-15 22:44 Category: Novena diff --git a/content/DNSSEC-Requirements.md b/content/DNSSEC-Requirements.md index 20a7735..d651f48 100644 --- a/content/DNSSEC-Requirements.md +++ b/content/DNSSEC-Requirements.md @@ -1,3 +1,4 @@ +Slug: DNSSEC-Requirements Title: DNSSEC/Requirements Date: 2016-12-15 22:44 Category: DNSSEC diff --git a/content/DNSSEC.md b/content/DNSSEC.md index e32eaf2..4ad5c08 100644 --- a/content/DNSSEC.md +++ b/content/DNSSEC.md @@ -1,3 +1,4 @@ +Slug: DNSSEC Title: DNSSEC Date: 2016-12-15 22:43 Category: DNSSEC diff --git a/content/Dashboard.md b/content/Dashboard.md index 5ac8872..223c204 100644 --- a/content/Dashboard.md +++ b/content/Dashboard.md 
@@ -1,3 +1,4 @@ +Slug: Dashboard Title: Project Status Dashboard Date: 2016-12-15 22:44 diff --git a/content/DevBridgeBoard.md b/content/DevBridgeBoard.md index 6e3e837..58763a7 100644 --- a/content/DevBridgeBoard.md +++ b/content/DevBridgeBoard.md @@ -1,3 +1,4 @@ +Slug: DevBridgeBoard Title: dev-bridge board Author: Paul Selkirk Date: 2016-12-15 22:43 diff --git a/content/DevelopersGuide.md b/content/DevelopersGuide.md index 4d3a87a..3dbbbaf 100644 --- a/content/DevelopersGuide.md +++ b/content/DevelopersGuide.md @@ -1,3 +1,4 @@ +Slug: DevelopersGuide Title: Developers' Guide Date: 2016-12-15 22:39 diff --git a/content/DisasterRecovery.md b/content/DisasterRecovery.md index 299f88e..b2572e7 100644 --- a/content/DisasterRecovery.md +++ b/content/DisasterRecovery.md @@ -1,3 +1,4 @@ +Slug: DisasterRecovery Title: Disaster Recovery on the Alpha Board Author: Paul Selkirk Date: 2017-05-13 00:30 diff --git a/content/DocMeet.md b/content/DocMeet.md index 1c87dd0..06d3ea5 100644 --- a/content/DocMeet.md +++ b/content/DocMeet.md @@ -1,3 +1,4 @@ +Slug: DocMeet Title: Documents, Meetings, etc. Date: 2016-12-15 22:39 Category: Workshops diff --git a/content/Documents.md b/content/Documents.md index 9a2549e..5fff17d 100644 --- a/content/Documents.md +++ b/content/Documents.md @@ -1,3 +1,4 @@ +Slug: Documents Title: Presentations and Design Documents Date: 2016-12-15 22:43 diff --git a/content/EDAToolchainSurvey.md b/content/EDAToolchainSurvey.md index 287d5af..f166439 100644 --- a/content/EDAToolchainSurvey.md +++ b/content/EDAToolchainSurvey.md @@ -1,3 +1,4 @@ +Slug: EDAToolchainSurvey Title: EDA Toolchain Survey Date: 2016-12-15 22:43 diff --git a/content/ExternalProjects.md b/content/ExternalProjects.md index 5584ed5..037efe9 100644 --- a/content/ExternalProjects.md +++ b/content/ExternalProjects.md @@ -1,3 +1,4 @@ +Slug: ExternalProjects Title: External Projects Date: 2018-09-17 10:12 Modified: 2018-09-17 10:27 
diff --git a/content/ExternalProjectsTorHSM.md b/content/ExternalProjectsTorHSM.md index 29aedf3..ec42dc2 100644 --- a/content/ExternalProjectsTorHSM.md +++ b/content/ExternalProjectsTorHSM.md @@ -1,3 +1,4 @@ +Slug: ExternalProjectsTorHSM Title: External Project Tor HSM Author: Linus Nordberg Date: 2018-09-17 10:26 diff --git a/content/GettingStartedNovena.md b/content/GettingStartedNovena.md index 103c656..4f86f7c 100644 --- a/content/GettingStartedNovena.md +++ b/content/GettingStartedNovena.md @@ -1,3 +1,4 @@ +Slug: GettingStartedNovena Title: Getting Started on the Novena Date: 2016-12-15 22:44 Category: Novena diff --git a/content/Hardware.md b/content/Hardware.md index f2feb84..bb1fad7 100644 --- a/content/Hardware.md +++ b/content/Hardware.md @@ -1,3 +1,4 @@ +Slug: Hardware Title: Cryptech Hardware Date: 2016-12-15 22:43 Category: Hardware diff --git a/content/InterconnectStandards.md b/content/InterconnectStandards.md index 2710ebb..167e877 100644 --- a/content/InterconnectStandards.md +++ b/content/InterconnectStandards.md @@ -1,3 +1,4 @@ +Slug: InterconnectStandards Title: Comparison of On-Chip Bus Standards Date: 2016-12-15 22:44 diff --git a/content/Joachim Strömbergson.md b/content/Joachim Strömbergson.md index 77475a6..a849872 100644 --- a/content/Joachim Strömbergson.md +++ b/content/Joachim Strömbergson.md @@ -1,3 +1,4 @@ +Slug: Joachim Strömbergson Title: Joachim Strömbergson Author: Joachim Strömbergson Date: 2016-12-15 22:54 diff --git a/content/MailingLists.md b/content/MailingLists.md index 696b9c4..87e5815 100644 --- a/content/MailingLists.md +++ b/content/MailingLists.md @@ -1,3 +1,4 @@ +Slug: MailingLists Title: Mailing Lists Date: 2016-12-15 22:39 diff --git a/content/MiscStuff.md b/content/MiscStuff.md index b57cde1..237f249 100644 --- a/content/MiscStuff.md +++ b/content/MiscStuff.md @@ -1,3 +1,4 @@ +Slug: MiscStuff Title: References & Miscellaneous Date: 2016-12-15 22:39 
diff --git a/content/NoisyDiode.md b/content/NoisyDiode.md index d56ce3a..be8f91d 100644 --- a/content/NoisyDiode.md +++ b/content/NoisyDiode.md @@ -1,3 +1,4 @@ +Slug: NoisyDiode Title: Noisy Diode entropy source Date: 2016-12-15 22:44 Category: TRNG diff --git a/content/OpenCryptoChip.md b/content/OpenCryptoChip.md index 21cf356..b89a2c6 100644 --- a/content/OpenCryptoChip.md +++ b/content/OpenCryptoChip.md @@ -1,3 +1,4 @@ +Slug: OpenCryptoChip Title: An Open Crypto Chip Date: 2016-12-15 22:44 diff --git a/content/OpenDNSSEC.md b/content/OpenDNSSEC.md index e18f3cc..0f0293b 100644 --- a/content/OpenDNSSEC.md +++ b/content/OpenDNSSEC.md @@ -1,3 +1,4 @@ +Slug: OpenDNSSEC Title: DNSSEC signing using OpenDNSSEC and a Cryptech alpha board rev03 Author: Rob Austein Date: 2016-12-15 22:43 diff --git a/content/PKCS11Proxy.md b/content/PKCS11Proxy.md index c845377..469aaca 100644 --- a/content/PKCS11Proxy.md +++ b/content/PKCS11Proxy.md @@ -1,3 +1,4 @@ +Slug: PKCS11Proxy Title: PKCS11 Proxy Date: 2016-12-15 22:44 Category: Novena diff --git a/content/Pelican.md b/content/Pelican.md index 932de00..912dd7e 100644 --- a/content/Pelican.md +++ b/content/Pelican.md @@ -1,3 +1,4 @@ +Slug: Pelican Date: 2021-10-07 18:55 Title: Trac Wiki converted to Pelican Markdown diff --git a/content/PostAlphaPlan.md b/content/PostAlphaPlan.md index 2f38853..8d75d2e 100644 --- a/content/PostAlphaPlan.md +++ b/content/PostAlphaPlan.md @@ -1,3 +1,4 @@ +Slug: PostAlphaPlan Title: Post Alpha Plan Author: Paul Selkirk Date: 2016-12-15 22:44 diff --git a/content/PrahaWorkshop.md b/content/PrahaWorkshop.md index 2840629..e350503 100644 --- a/content/PrahaWorkshop.md +++ b/content/PrahaWorkshop.md @@ -1,3 +1,4 @@ +Slug: PrahaWorkshop Title: CrypTech Workshop, Praha, 18 July 2015 Date: 2016-12-15 22:44 Category: Workshops diff --git a/content/PrahaWorkshopSSH.md b/content/PrahaWorkshopSSH.md index a99ff3d..04f2a84 100644 --- a/content/PrahaWorkshopSSH.md +++ b/content/PrahaWorkshopSSH.md 
@@ -1,3 +1,4 @@ +Slug: PrahaWorkshopSSH Title: Praha Workshop SSH keys Date: 2016-12-15 22:43 Category: Workshops diff --git a/content/ProjectArchive.md b/content/ProjectArchive.md index 59e8f6a..0bc3eef 100644 --- a/content/ProjectArchive.md +++ b/content/ProjectArchive.md @@ -1,3 +1,4 @@ +Slug: ProjectArchive Title: Project Archive and Far Future Planning Date: 2016-12-15 22:44 diff --git a/content/ProjectManagement.md b/content/ProjectManagement.md index 64b4931..86dd08c 100644 --- a/content/ProjectManagement.md +++ b/content/ProjectManagement.md @@ -1,3 +1,4 @@ +Slug: ProjectManagement Title: Project Management Date: 2016-12-15 22:44 diff --git a/content/ProjectMetadata.md b/content/ProjectMetadata.md index 1568cc7..4bdbfe8 100644 --- a/content/ProjectMetadata.md +++ b/content/ProjectMetadata.md @@ -1,3 +1,4 @@ +Slug: ProjectMetadata Title: Project Metadata Date: 2016-12-15 22:43 diff --git a/content/ProjectStatus.md b/content/ProjectStatus.md index f33b2df..d32a9bb 100644 --- a/content/ProjectStatus.md +++ b/content/ProjectStatus.md @@ -1,3 +1,4 @@ +Slug: ProjectStatus Title: Project Status Date: 2016-12-15 22:44 diff --git a/content/QuickStart.md b/content/QuickStart.md index 3f1fbaf..3b61f4a 100644 --- a/content/QuickStart.md +++ b/content/QuickStart.md @@ -1,3 +1,4 @@ +Slug: QuickStart Title: Quick Start Date: 2016-12-15 22:43 Modified: 2017-05-13 20:39 diff --git a/content/RandomnessTesting.md b/content/RandomnessTesting.md index fac6702..eeae3dd 100644 --- a/content/RandomnessTesting.md +++ b/content/RandomnessTesting.md @@ -1,3 +1,4 @@ +Slug: RandomnessTesting Title: Randomness Testing Tools Date: 2016-12-15 22:43 Category: TRNG diff --git a/content/RelatedWork.md b/content/RelatedWork.md index 711e4ec..5b5ceb2 100644 --- a/content/RelatedWork.md +++ b/content/RelatedWork.md @@ -1,3 +1,4 @@ +Slug: RelatedWork Title: Related Work Date: 2016-12-15 22:44 diff --git a/content/ReleaseNotes.md b/content/ReleaseNotes.md index d9876de..10a72c6 100644 
--- a/content/ReleaseNotes.md +++ b/content/ReleaseNotes.md @@ -1,3 +1,4 @@ +Slug: ReleaseNotes Title: Release Notes Author: Rob Austein Date: 2017-05-13 19:06 diff --git a/content/Requirements.md b/content/Requirements.md index c0e4d8c..f5ea3a0 100644 --- a/content/Requirements.md +++ b/content/Requirements.md @@ -1,3 +1,4 @@ +Slug: Requirements Title: HSM Requirements Date: 2016-12-15 22:39 diff --git a/content/RoughV1.md b/content/RoughV1.md index 9a48963..0e1a7d6 100644 --- a/content/RoughV1.md +++ b/content/RoughV1.md @@ -1,3 +1,4 @@ +Slug: RoughV1 Title: Rough Cut at v0.01 Proof of Concept Feature Set Date: 2016-12-15 22:43 Modified: 2021-02-14 17:33 diff --git a/content/SecureChannel.md b/content/SecureChannel.md index 6a40c63..a8bca04 100644 --- a/content/SecureChannel.md +++ b/content/SecureChannel.md @@ -1,3 +1,4 @@ +Slug: SecureChannel Title: Secure Channel Author: Rob Austein Date: 2017-07-27 00:24 
@@ -13,57 +14,42 @@ pieces are still missing. Basic design goals: +* End-to-end between client library and HSM. -* End-to-end between client library and HSM. +* Not require yet another presentation layer if we can avoid it (so, + reuse XDR if possible, unless we have some strong desire to switch + to something else). +* Provide end-to-end message integrity between client library and HSM. +* Provide end-to-end message confidentiality between client library + and HSM. We only need this for a few operations, but between PINs + and private keys it would be simpler just to provide it all the + time than to be selective. -* Not require yet another presentation layer if we can avoid it (so, - reuse XDR if possible, unless we have some strong desire to switch - to something else). +* Provide some form of mutual authentication between client library + and HSM. This is tricky, since it requires either configuration + (of the other party's authenticator) or leap-of-faith. + Leap-of-faith is probably good enough for most of what we really + care about (insuring that we're talking to the same dog now as we + were earlier). + Not 100% certain we need this at all, but if we're going to leave + ourselves wide open to monkey-in-the-middle attacks, there's not + much point in having a secure channel at all. +* Use boring simple crypto that we already have (or almost have) and + which runs fast. -* Provide end-to-end message integrity between client library and HSM. - - - -* Provide end-to-end message confidentiality between client library - and HSM. We only need this for a few operations, but between PINs - and private keys it would be simpler just to provide it all the time - than to be selective. - - - -* Provide some form of mutual authentication between client library - and HSM. This is tricky, since it requires either configuration (of - the other party's authenticator) or leap-of-faith. 
Leap-of-faith is - probably good enough for most of what we really care about (insuring - that we're talking to the same dog now as we were earlier). - - - Not 100% certain we need this at all, but if we're going to leave - ourselves wide open to monkey-in-the-middle attacks, there's not - much point in having a secure channel at all. - - -* Use boring simple crypto that we already have (or almost have) and - which runs fast. - - - -* Continue to support multiplexer. Taken together with end-to-end - message confidentiality, this may mean two layers of headers: an - outer set which the multiplexer is allowed to mutate, then an inner - set which is protected. Better, though, would be if the multiplexer - can work just by reading the outer headers without modifying - anything. - - - -* Simple enough that we can implement it easily in HSM, PKCS #11 - library, and Python library. +* Continue to support multiplexer. Taken together with end-to-end + message confidentiality, this may mean two layers of headers: an + outer set which the multiplexer is allowed to mutate, then an + inner set which is protected. Better, though, would be if the + multiplexer can work just by reading the outer headers without + modifying anything. +* Simple enough that we can implement it easily in HSM, PKCS #11 + library, and Python library. ## Why not TLS? @@ -84,14 +70,12 @@ tweaked in places to fit tools we have readily available. Toolkit: - * AES * SHA-2 * ECDH * ECDSA * XDR - As in the book, there are two layers here: the basic secure channel, moving encrypted-and-authenticated frames back and forth, and a higher level which handles setup, key agreement, and endpoint authentication. 
@@ -165,18 +149,13 @@ doing at all, etc. Maybe clients just shouldn't do that. ## Open issues +* Does the resulting design pass examination by clueful people? -* Does the resulting design pass examination by clueful people? - - - -* Does this end up still being significantly simpler than TLS? - - +* Does this end up still being significantly simpler than TLS? -* The Cryptography Engineering protocols include a hack to work around - a length extension weakness in SHA-2 (see section 5.4.2). Do we - need this? Would we be better off using SHA-3 instead? The book - claims that SHA-3 was expected to fix this, but that was before NIST - pissed away their reputation by getting too cosy with the NSA again. - Over my head, ask somebody with more clue. +* The Cryptography Engineering protocols include a hack to work + around a length extension weakness in SHA-2 (see section 5.4.2). + Do we need this? Would we be better off using SHA-3 instead? The + book claims that SHA-3 was expected to fix this, but that was + before NIST pissed away their reputation by getting too cosy with + the NSA again. Over my head, ask somebody with more clue. diff --git a/content/SideChannel.md b/content/SideChannel.md index f293753..426766e 100644 --- a/content/SideChannel.md +++ b/content/SideChannel.md @@ -1,3 +1,4 @@ +Slug: SideChannel Title: Side Channel Attacks Date: 2016-12-15 22:44 diff --git a/content/StateOfPlay.md b/content/StateOfPlay.md index 6d833c8..94aa224 100644 --- a/content/StateOfPlay.md +++ b/content/StateOfPlay.md @@ -1,3 +1,4 @@ +Slug: StateOfPlay Title: A Completely Informal Snapshot Of The Current State Of The Cryptech Project As Of 2014-11-06 Date: 2014-11-06 Updated: 2016-12-15 diff --git a/content/SunetInitialDevelopment.md b/content/SunetInitialDevelopment.md index af63692..8e65b93 100644 --- a/content/SunetInitialDevelopment.md +++ b/content/SunetInitialDevelopment.md 
@@ -1,3 +1,4 @@ +Slug: SunetInitialDevelopment Title: Planning for SUNET funded Cryptech Work Date: 2016-12-15 22:43 diff --git a/content/TRNGDevelopment.md b/content/TRNGDevelopment.md index f29e1f0..18b6728 100644 --- a/content/TRNGDevelopment.md +++ b/content/TRNGDevelopment.md @@ -1,3 +1,4 @@ +Slug: TRNGDevelopment Title: TRNG Development Date: 2016-12-15 22:44 Category: TRNG diff --git a/content/UpgradeToKSNG.md b/content/UpgradeToKSNG.md index d79a5fb..1d63c9c 100644 --- a/content/UpgradeToKSNG.md +++ b/content/UpgradeToKSNG.md @@ -1,3 +1,4 @@ +Slug: UpgradeToKSNG Title: Upgrading Cryptech Alpha HSM to "ksng" development package Author: Rob Austein Date: 2016-12-22 22:33 diff --git a/content/Upgrading.md b/content/Upgrading.md index b87038b..aab29b1 100644 --- a/content/Upgrading.md +++ b/content/Upgrading.md @@ -1,3 +1,4 @@ +Slug: Upgrading Title: Upgrading the Cryptech Alpha HSM Date: 2017-05-12 23:15 Modified: 2018-04-07 23:03 diff --git a/content/UsingSTLink.md b/content/UsingSTLink.md index a8cbda8..d8585de 100644 --- a/content/UsingSTLink.md +++ b/content/UsingSTLink.md @@ -1,3 +1,4 @@ +Slug: UsingSTLink Title: Using ST-Link on the Alpha Board Author: Joachim Strömbergson Date: 2017-05-13 03:37 diff --git a/content/WhoWeAre.md b/content/WhoWeAre.md index 6ad3edb..1377257 100644 --- a/content/WhoWeAre.md +++ b/content/WhoWeAre.md @@ -1,3 +1,4 @@ +Slug: WhoWeAre Title: Who We Are Date: 2016-12-15 22:43 Category: People diff --git a/content/WikiStart.md b/content/WikiStart.md index 20321dc..ab4fd92 100644 --- a/content/WikiStart.md +++ b/content/WikiStart.md @@ -1,3 +1,4 @@ +Slug: WikiStart Title: Welcome to the Cryptech Project Date: 2016-12-15 20:46 Modified: 2017-05-13 20:30 diff --git a/pelicanconf.py b/pelicanconf.py index 935b531..c974eb5 100644 --- a/pelicanconf.py +++ b/pelicanconf.py 
@@ -55,3 +55,24 @@ PLUGINS = ["m.htmlsanity"] # Per https://docs.getpelican.com/en/latest/faq.html#how-can-i-use-a-static-page-as-my-home-page INDEX_SAVE_AS = "pelican-index.html" + +# https://docs.getpelican.com/en/stable/settings.html#url-settings +# Fiddle with names to so that /Foo will do the right thing even when +# /Foo/ is a directory with supporting content. + +ARTICLE_URL = "{slug}" +ARTICLE_SAVE_AS = "{slug}/index.html" +PAGE_URL = "pages/{slug}" +PAGE_SAVE_AS = "pages/{slug}/index.html" + +# Enable Markdown tables support. + +MARKDOWN = { + "extension_configs": { + "markdown.extensions.codehilite": {"css_class": "highlight"}, + "markdown.extensions.extra": {}, + "markdown.extensions.meta": {}, + "markdown.extensions.tables": {}, + }, + "output_format": "html5", +} |
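Review bot: In content/AssuredTooChain.md, `Slug: AssuredTooChain` carries the file name's misspelling into the public URL, while the title on the next line reads "Assured Tool-Chain". If existing links do not depend on the old name, suggest `Slug: AssuredToolChain` together with renaming the file. Otherwise, say in the commit message that the slug intentionally mirrors the legacy page name.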
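Review bot: In content/BinaryPackages.md (hunk `@@ -14,136 +14,95 @@`), the APT key steps validate one copy of the key and install another. `gpg --recv-key $id` and `gpg --check-sig $id` act on the key fetched into the user's keyring, while the file moved to `/etc/apt/trusted.gpg.d/cryptech.gpg` is the separately downloaded `apt-gpg-key.gpg`, which none of these steps inspects. Suggest adding a step that prints the fingerprint of the downloaded file and compares it with the checked key, and publishing the full fingerprint rather than the 16-digit key ID `37A8E93F5D7E7B9A`. Since these lines are being rewritten anyway: the prose names `/etc/apt/source.list.d/` while every command writes to `/etc/apt/sources.list.d/`, and "concious" is carried over in both the APT and Homebrew sections.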
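Review bot: In content/Joachim Strömbergson.md, the added `Slug: Joachim Strömbergson` contains a space and a non-ASCII character, and the new `ARTICLE_URL = "{slug}"` and `ARTICLE_SAVE_AS = "{slug}/index.html"` settings in pelicanconf.py put the slug straight into the URL and the output directory name. Suggest an ASCII slug without spaces (for example `JoachimStrombergson`), or confirm that links to this page still resolve in their percent-encoded form before merging.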
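Review bot: In pelicanconf.py, the `"markdown.extensions.tables": {}` entry is redundant, because `markdown.extensions.extra` two lines above it already bundles the tables extension. Either drop the entry or reword the "Enable Markdown tables support" comment so it does not suggest that this line is what turns tables on. The table fixes in content/BerlinWorkshop.md (a header row added and the separator moved under it) look like the change that makes those tables render. The comment above `ARTICLE_URL` also has a stray word: "Fiddle with names to so that".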