public
/
keyfork
5
0
Fork 0
Code Issues 29 Pull Requests 2 Packages Projects Releases Wiki Activity

Attestation of public keys to authenticate Keyfork shard requests #23

New Issue
Open
opened 2024-01-25 06:32:54 +00:00 by ryan · 2 comments
ryan commented 2024-01-25 06:32:54 +00:00
Owner
Copy Link

Target: Keyfork headless enclave

Sign public keys using an attestation certificate known by shardholders, whose private key is only accessible in the enclave.

Target: Keyfork headless enclave Sign public keys using an attestation certificate known by shardholders, whose private key is only accessible in the enclave.
ryan commented 2024-02-02 09:04:52 +00:00
Author
Owner
Copy Link

Generate ephemeral keys using TPM2 API, have operators perform attestation when they generate the QR code to use for airgap machine.

NOTE: attested ephemeral key replay attacks are not a concern as the TPM is trusted to not leak private key data.

Generate ephemeral keys using TPM2 API, have operators perform attestation when they generate the QR code to use for airgap machine. NOTE: attested ephemeral key replay attacks are not a concern as the TPM is trusted to not leak private key data.
lrvick added this to the Custody Framework project 2024-11-25 10:21:10 +00:00
ryan commented 2025-08-25 20:17:53 +00:00
Author
Owner
Copy Link

Potential idea:

The enclave should be in control of an in-memory singing key. It should be provided, along with the nonce, to the attestation document request as user data. Then, when a bootproof-compatible enclave client connects, they can send a nonce, and receive the attestation document with both the requested nonce and the public key used for signing.

Potential idea: The enclave should be in control of an in-memory singing key. It should be provided, along with the nonce, to the attestation document request as user data. Then, when a bootproof-compatible enclave client connects, they can send a nonce, and receive the attestation document with both the requested nonce and the public key used for signing.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
ryansquared/test-unthreaded-scan
ryansquared/test-threaded-scan
add-checksum-functionality
anton/add-deps-to-readme
ryansquared/staging-since-latest
ryansquared/quick-and-dirty-prompt
ryan/use-instant-time-qrcode
ryan/old-static-retain-for-stagex
ryan/recover-shardholder-hardware
ryan/keyfork-shard/reuse-prompt-handler
ryan/keyfork-shard-reuse-prompt-handler
ryan/optimize-hunk
ryan/cargo-update
keyfork-derive-openpgp-v0.2.0
keyfork-v0.3.4
keyfork-qrcode-v0.1.4
keyfork-prompt-v0.2.4
keyfork-zbar-sys-v0.1.1
keyfork-crossterm-ioctl-shim-v0.1.0
keyfork-shard-v0.3.4
keyfork-prompt-v0.2.3
keyfork-v0.3.3
keyfork-v0.3.2
keyfork-shard-v0.3.3
keyfork-v0.3.1
keyfork-zbar-v0.1.2
keyfork-shard-v0.3.2
keyfork-qrcode-v0.1.3
keyfork-prompt-v0.2.2
keyfork-bug-v0.1.1
keyfork-v0.3.0
keyfork-shard-v0.3.1
keyforkd-v0.1.4
keyfork-tests-v0.1.0
keyfork-prompt-v0.2.1
keyfork-derive-openpgp-v0.1.5
keyfork-v0.2.6
keyforkd-client-v0.2.2
keyforkd-v0.1.3
keyfork-zbar-v0.1.1
keyfork-shard-v0.3.0
keyfork-qrcode-v0.1.2
keyfork-prompt-v0.2.0
keyfork-mnemonic-v0.4.1
keyfork-entropy-v0.1.2
keyfork-derive-util-v0.2.2
keyfork-derive-path-data-v0.1.3
keyfork-derive-openpgp-v0.1.4
keyfork-derive-key-v0.1.2
keyfork-crossterm-v0.27.2
keyfork-v0.2.5
keyforkd-client-v0.2.1
keyforkd-v0.1.2
keyfork-shard-v0.2.3
keyfork-prompt-v0.1.2
keyfork-mnemonic-v0.4.0
keyfork-derive-util-v0.2.1
keyfork-derive-path-data-v0.1.2
keyfork-derive-openpgp-v0.1.3
keyfork-v0.2.4
keyfork-shard-v0.2.2
keyfork-v0.2.3
keyfork-derive-openpgp-v0.1.2
keyfork-v0.2.2
keyforkd-models-v0.2.0
keyforkd-client-v0.2.0
keyforkd-v0.1.1
keyfork-shard-v0.2.0
keyfork-qrcode-v0.1.1
keyfork-prompt-v0.1.1
keyfork-mnemonic-util-v0.3.0
keyfork-entropy-v0.1.1
keyfork-derive-util-v0.2.0
keyfork-derive-path-data-v0.1.1
keyfork-derive-openpgp-v0.1.1
keyfork-derive-key-v0.1.1
keyfork-v0.2.0
keyfork-v0.1.0
smex-v0.1.0
keyfork-bug-v0.1.0
keyfork-bin-v0.1.0
keyfork-slip10-test-data-v0.1.0
keyfork-derive-util-v0.1.0
keyfork-frame-v0.1.0
keyforkd-models-v0.1.0
keyforkd-client-v0.1.0
keyfork-derive-openpgp-v0.1.0
keyfork-entropy-v0.1.0
keyfork-crossterm-v0.27.1
keyfork-prompt-v0.1.0
keyfork-zbar-sys-v0.1.0
keyfork-zbar-v0.1.0
keyfork-qrcode-v0.1.0
keyfork-shard-v0.1.0
keyfork-derive-path-data-v0.1.0
keyforkd-v0.1.0
keyfork-derive-key-v0.1.0
keyfork-mnemonic-util-v0.2.0
keyfork-mnemonic-util-v0.1.0
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Custody Framework
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: public/keyfork#23
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?