From 25516fcd7fe1ca9e81094388e72a6749164b2f24 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Sun, 4 Aug 2024 14:31:08 -0400 Subject: [PATCH] fix: specify smart cards must have openpgp ed25519 support --- quorum-key-management/src/hardware.md | 15 +++++++++++++-- quorum-key-management/src/locations.md | 2 +- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/quorum-key-management/src/hardware.md b/quorum-key-management/src/hardware.md index 990bf92..4c8dc5c 100644 --- a/quorum-key-management/src/hardware.md +++ b/quorum-key-management/src/hardware.md @@ -46,12 +46,23 @@ is the following: Smart Cards are primarily used for storing OpenPGP cryptographic keys which are used as a building block for security controls. These smart cards hold OpenPGP -keys which are derived in secure environments. FIPS 140-2 is required but the -end user may choose their manufacturer. +keys which are derived in secure environments. + +There are two primary requirements for smart cards: + +* FIPS 140-2 + +* Support for Ed25519 OpenPGP + +* Touch for enacting operations + +Some options include: * NitroKey 3 - because of its open source approach which helps improve the overall security of the products + * YubiKey 5 - because of the widespread use and battle-tested reliability + * Librem Key - because of the manufacturer's approach to hardware supply chain security and verifiable software diff --git a/quorum-key-management/src/locations.md b/quorum-key-management/src/locations.md index ba584a9..77dc795 100644 --- a/quorum-key-management/src/locations.md +++ b/quorum-key-management/src/locations.md @@ -50,7 +50,7 @@ standard NATO SDIP-27 Level A * SHOULD be organizations which are ideally immune to being legally subpoenaed -* SHOULD not be susceptible to being subpoenaed +* SHOULD NOT be susceptible to being subpoenaed ## Storage Location
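Review bot: In the hardware.md hunk, the added lead-in reads "There are two primary requirements for smart cards:" but the list under it has three bullets (FIPS 140-2, Support for Ed25519 OpenPGP, Touch for enacting operations); fix the count or drop it, e.g. "Smart cards must meet the following requirements:". The touch requirement is not mentioned in the commit subject, and "Touch for enacting operations" does not say which card operations need a touch; naming them would make the requirement checkable when a card is provisioned. The subject says cards "must have" Ed25519 support, and locations.md in this same patch uses SHOULD / SHOULD NOT keywords, so consider writing these bullets as MUST items for consistency. The removed sentence also carried "the end user may choose their manufacturer"; if that is still the intent, the "Some options include:" line should say the list is not exhaustive.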
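Review bot: In the locations.md hunk, the corrected bullet "* SHOULD NOT be susceptible to being subpoenaed" restates the context bullet directly above it ("* SHOULD be organizations which are ideally immune to being legally subpoenaed"); keep one of the two rather than normalizing the keyword on a duplicate. The keyword fix is also unrelated to the commit subject about smart card Ed25519 support, so either mention it in the commit message or split it into its own commit.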