# Equipment

This page describes the different equipment that is required, and makes opinionated
recommendations as well as suggesting alternatives. One may improve the overall
security of their system by using a variety of hardware in order to benefit from
its diversity: this reduces the likelihood that all hardware has suffered the
same kind of hardware supply chain compromise, has the same vulnerability
present, or has the same type of hardware failure.

Based on the chosen [Quorum](selecting-quorum.md), the amount of equipment
required to set up a [QKMS](glossary.md#quorum-key-management-system-qkms) will
vary. In order to figure out what equipment is required, decide on a Quorum,
which is expressed as "N of M". Once you know your M, the required equipment list
is the following:

* M x 4 Smart Cards
  * It is recommended to use two Smart Cards for storing each key pair
    * Ideally two different types of hardware are used in order to reduce the
      risk of simultaneous failure
  * At least 1 Smart Card is required for each Operator Key and 1 Smart Card
    for each Location Key
  * The number of Operator Keys is M, and the number of Location Keys is also
    M, hence the minimum of 2 x M Smart Cards, with the recommendation of using
    two smart cards for each, resulting in 4 x M Smart Cards
* 2 + X Storage Devices
  * 1 Storage Device for [AirgapOS](repeat-use-airgapos.md)
  * 1 Storage Device for storing [Public Ceremony Artifacts](public-ceremony-artifact-storage)
  * X, or *any* number of additional Storage Devices to duplicate the data; a
    good measure would be to have at least 3 Storage Devices for the ceremony
* Librem 14 Laptop
  * Get as many laptops as desired to satisfy your operational needs
  * For each Librem 14, get a Librem Smart Card used for [PureBoot](initialize-pureboot-smart-card.md)

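The list above is easy to miscount for larger quorums, so the following is an added helper (example code written for this page, not part of the QKMS project) that derives the bill of materials from an "N of M" quorum using the rules stated above: one card per Operator Key and one per Location Key as the minimum, two per key pair as the recommendation, `2 + X` Storage Devices, and one PureBoot smart card per Librem 14. It also shows how the recommended card count splits across vendors so that each key pair's two cards come from different hardware types; the vendor names and the `extra_storage`/`laptops` parameters are assumptions of this example.

```python
"""Equipment calculator for a QKMS ceremony (added example, not project code)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Equipment:
    operator_keys: int
    location_keys: int
    smart_cards_minimum: int       # one Smart Card per key
    smart_cards_recommended: int   # two Smart Cards per key pair
    storage_devices: int           # AirgapOS + Public Ceremony Artifacts + X duplicates
    laptops: int
    pureboot_smart_cards: int      # one Librem Smart Card per Librem 14


def equipment_for_quorum(n: int, m: int, extra_storage: int = 1,
                         laptops: int = 1) -> Equipment:
    """Return the equipment list for an 'N of M' quorum.

    extra_storage is the X in '2 + X Storage Devices'. The page suggests at
    least 3 Storage Devices in total, so the default X=1 (an assumption of
    this example) meets that guidance.
    """
    if not (1 <= n <= m):
        raise ValueError(f"quorum must satisfy 1 <= N <= M, got N={n}, M={m}")
    if extra_storage < 0 or laptops < 1:
        raise ValueError("extra_storage must be >= 0 and laptops must be >= 1")
    return Equipment(
        operator_keys=m,
        location_keys=m,
        smart_cards_minimum=2 * m,          # M Operator Keys + M Location Keys
        smart_cards_recommended=4 * m,      # two cards for each of the 2M keys
        storage_devices=2 + extra_storage,
        laptops=laptops,
        pureboot_smart_cards=laptops,
    )


def cards_per_vendor(key_pairs: int,
                     vendors: tuple[str, ...] = ("NitroKey 3", "YubiKey 5")) -> dict[str, int]:
    """Assign two Smart Cards of *different* hardware types to every key pair.

    Key pair i gets vendors i mod k and (i + 1) mod k, so the two cards of a
    pair never share a vendor. Returns how many cards to buy from each vendor.
    The vendor tuple is an assumption; any two or more types from the page's
    Smart Card section work.
    """
    if len(vendors) < 2:
        raise ValueError("need at least two hardware types for diversity")
    if key_pairs < 1:
        raise ValueError("key_pairs must be >= 1")
    k = len(vendors)
    counts: Counter[str] = Counter({v: 0 for v in vendors})
    for i in range(key_pairs):
        counts[vendors[i % k]] += 1
        counts[vendors[(i + 1) % k]] += 1
    return dict(counts)


if __name__ == "__main__":
    # Example: a 2-of-3 quorum with the default X=1 and a single laptop.
    bom = equipment_for_quorum(n=2, m=3)
    print(bom)
    # 2M key pairs (Operator + Location), each stored on two cards.
    print(cards_per_vendor(key_pairs=bom.operator_keys + bom.location_keys))
```

Running the block prints the bill of materials for a 2-of-3 quorum (6 cards minimum, 12 recommended, 3 Storage Devices) and a 6/6 split across the two vendor types; the M value is all the calculation needs, exactly as the text says.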
## Smart Cards

Smart Cards are primarily used for storing OpenPGP cryptographic keys which are
used as a building block for security controls. These smart cards hold OpenPGP
keys which are derived in secure environments. FIPS 140-2 is required, but the
end user may choose their manufacturer.

* NitroKey 3 - because of its open source approach, which helps improve the
  overall security of the products
* YubiKey 5 - because of its widespread use and battle-tested reliability
* Librem Key - because of the manufacturer's approach to hardware supply chain
  security and verifiable software

## Air-Gapped Computer

[Air-Gapped](glossary.md#Air-Gapped) computers are used for the lifecycle management
of cryptographic material that is part of the QKMS.

The primary hardware recommendation for an Air-Gapped Computer is the
[Librem 14](https://puri.sm/products/librem-14/), manufactured by
[Purism](https://puri.sm). Purism specializes in reducing hardware and firmware
security risks, especially via their
[Anti-Interdiction Service](https://puri.sm/posts/anti-interdiction-services/) and
[PureBoot](https://docs.puri.sm/PureBoot.html), and as such is an excellent choice
for hardware for which high integrity assurance is required.

#### Alternative

An alternative approach is to use an off-the-shelf computer that is randomly
selected right before the ceremony, remove the radio cards from it, use it
to conduct a Ceremony, and then destroy the laptop using a method adequate to
ensure that no data forensics can be used to recover the data from the drive or
memory. This can be achieved by using a combination of incineration, degaussing,
shredding and drilling. Special care should be taken to completely destroy all
components of the computer that are able to store data, even if only in
ephemeral form, as some forensic methods allow extraction of data from
components with "temporary memory".

Three letter agencies are known to collect and exploit physically destroyed
drives, as data can still be extracted from them using methods such as electron
microscopy; therefore a combination of degaussing, shredding and burning should
be used, and the remaining debris should be spread out across multiple disposal
locations.

## Storage Device

A Storage Device can be an SD Card or a USB Drive, but it should be procured
from a vendor with a good reputation, and ideally industrial grade hardware
should be prioritized.