Attestation of public keys to authenticate Keyfork shard requests #23
Reference: public/keyfork#23
Target: Keyfork headless enclave
Sign public keys using an attestation certificate known by shardholders, whose private key is only accessible in the enclave.
Generate ephemeral keys using the TPM2 API, and have operators perform attestation when they generate the QR code to use for the airgap machine.
NOTE: attested ephemeral key replay attacks are not a concern as the TPM is trusted to not leak private key data.
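
The shardholder-side check implied by the proposal above, as an added example that is not Keyfork code and not part of the original issue: an attestation key signs an ephemeral public key, and a verifier that already knows the attestation public key accepts only keys carrying a valid signature. Assumptions: Ed25519 from Go's standard library stands in for the enclave-held key and the TPM2 API, and the `AttestedKey` type, the `label` string and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// AttestedKey is a hypothetical bundle: ephemeral public key plus attestation signature.
type AttestedKey struct{ EphemeralPub, Signature []byte }

const label = "example-shard-request-v1:" // constructed domain-separation label

func digest(pub []byte) []byte {
	h := sha256.Sum256(append([]byte(label), pub...))
	return h[:]
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Attest stands in for the enclave, the only holder of the attestation private key.
func Attest(attPriv ed25519.PrivateKey, ephemeralPub []byte) AttestedKey {
	return AttestedKey{EphemeralPub: ephemeralPub, Signature: ed25519.Sign(attPriv, digest(ephemeralPub))}
}

// Verify is the shardholder check against the attestation key they already know.
func Verify(pinned ed25519.PublicKey, k AttestedKey) bool {
	return ed25519.Verify(pinned, digest(k.EphemeralPub), k.Signature)
}

// Demo returns the verdicts for a genuine bundle, a bundle whose key was
// swapped after signing, and a bundle signed by an unknown attestation key.
func Demo() (genuine, swapped, rogue bool) {
	attPub, attPriv := newKey()
	ephPub, _ := newKey()
	otherPub, otherPriv := newKey()
	good := Attest(attPriv, ephPub)
	return Verify(attPub, good),
		Verify(attPub, AttestedKey{EphemeralPub: otherPub, Signature: good.Signature}),
		Verify(attPub, Attest(otherPriv, ephPub))
}

func main() { fmt.Println(Demo()) }
```

Only the first bundle verifies; a substituted key or a signature from any other attestation key is rejected before a shard request would be honoured.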