On 08/19/2009 12:55 AM, Marc Kaeser wrote:
> Thanks, that's a super answer!
> But what do you think, instead of implementing another module, if I
> encrypted the whole softoken-database with a binding or sealing key,
> wouldn't it have the same effect?

That would require mucking with softoken, which is generally off-limits
[Frozen for FIPS]. It would also be an incompatible change in the
database format, which is not likely to be accepted even if the module
was unfrozen.

> Instead of storing the tokens in the TPM itself, they'd be on disk,
> but protected by a TPM key. I could just press a button "off" or "on"
> in order to have my tokens protected.
> Indirectly, that would also bind (or seal) my login credentials to the
> machine.

This idea is doable, as a separate module. Nomenclature note:
- Modules are PKCS #11 shared libraries (implementing PKCS #11 v2.0
or higher). Modules support zero or more slots.
- Slots logically represent some physical or logical reader in
which tokens can be inserted. Slots can have zero or one token.
- Tokens do crypto operations and store keys and certs. In the case
of hardware, slots usually represent physical readers, and tokens
represent devices plugged into those readers. In the case of software
(logical) devices, slots and tokens are usually one-for-one and
sometimes described synonymously. Tokens are not keys.
With that in mind, you can store keys on disk protected by the TPM key,
simply having the state 'protected' or 'not'. This can still be
handled with Login/Logout. PKCS #11 has a notion of 'Protected PIN
path', where your PIN is not presented through the application, but
instead some 'invisible to the application' authentication happens (like
sticking your thumb on the token or reader, or typing a pin in the key
pad). You could do whatever TPM authentication action at this point. If
the TPM authentication doesn't require user interaction, you could also
make your token "Always logged in" and provide the keys if the TPM was
properly authenticated, otherwise the keys are unavailable (i.e. not
even visible).

> By the way, do you know which interface manages database-storage of
> those tokens?

NSS has a utility called 'modutil'. Firefox/Thunderbird can also manage
these through the security manager. You will need to make some
modifications to SDR to be able to use a token other than softoken to
store SDR keys, but it shouldn't be too difficult, the underlying system
understands multiple tokens.

> Thanks
> Marc

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
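
The login states described in the message above (protected PIN path versus an "always logged in" token whose keys vanish when the TPM is not authenticated), modelled as an added example that is not part of the original thread and is not NSS code. The `tpm_token` struct, its fields and the three function names are hypothetical; the `CKF_*` values are the ones PKCS #11 defines for `CK_TOKEN_INFO.flags`.

```c
#include <stdio.h>

/* Flag values from the PKCS #11 specification (CK_TOKEN_INFO.flags). */
#define CKF_LOGIN_REQUIRED                0x00000004UL
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL
#define CKF_TOKEN_INITIALIZED             0x00000400UL

/* Hypothetical model of a TPM-backed software token (assumption). */
typedef struct {
    int tpm_needs_user_action; /* 1: TPM auth involves the user */
    int tpm_authenticated;     /* 1: TPM released the wrapping key */
    int logged_in;             /* session state set by C_Login/C_Logout */
    unsigned stored_keys;      /* keys on disk, wrapped by the TPM key */
} tpm_token;

typedef enum { LOGIN_NONE, LOGIN_PROTECTED_PATH, LOGIN_PROMPT_PIN } login_mode;

/* Module side: flags the token would report through C_GetTokenInfo. */
unsigned long token_flags(const tpm_token *t) {
    unsigned long f = CKF_TOKEN_INITIALIZED;
    if (t->tpm_needs_user_action)
        f |= CKF_LOGIN_REQUIRED | CKF_PROTECTED_AUTHENTICATION_PATH;
    return f; /* "always logged in": CKF_LOGIN_REQUIRED stays clear */
}

/* Module side: number of private keys an object search would expose. */
unsigned visible_keys(const tpm_token *t) {
    if (!t->tpm_authenticated) return 0; /* keys are not even visible */
    if (t->tpm_needs_user_action && !t->logged_in) return 0;
    return t->stored_keys;
}

/* Application side: pick the authentication step from the flags. */
login_mode choose_login(unsigned long flags) {
    if (!(flags & CKF_LOGIN_REQUIRED)) return LOGIN_NONE;
    if (flags & CKF_PROTECTED_AUTHENTICATION_PATH)
        return LOGIN_PROTECTED_PATH; /* C_Login with a NULL PIN pointer */
    return LOGIN_PROMPT_PIN;         /* application collects the PIN */
}

int main(void) {
    tpm_token always_on = {0, 1, 0, 3};   /* constructed sample states */
    tpm_token interactive = {1, 1, 0, 3};
    printf("always on:   mode=%d keys=%u\n",
           choose_login(token_flags(&always_on)), visible_keys(&always_on));
    printf("interactive: mode=%d keys=%u\n",
           choose_login(token_flags(&interactive)), visible_keys(&interactive));
    return 0;
}
```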