n-of-m threshold scheme

n-of-m threshold scheme

Andreas Schwier (ML)
Hi list,

to satisfy enhanced key management requirements, we've added an n-of-m
threshold scheme to the sc-hsm-tool.

Using this scheme you can place the SmartCard-HSM's Device Key
Encryption Key under sole control of m key custodians from which n can
together reconstruct the secret key.

The scheme provides for even better security than the DKEK share
mechanism already available in the 0.13 version. Under the new scheme, a
lost share does not mean a complete loss of the secret key. A lost share
just reduces the number of available key custodians and has no impact on
the DKEK unless fewer than n shares are left available.

The code is available in our repository at GITHUB [1] and a pull request
has been created to move the code into the OpenSC master branch.


Kind regards,


Andreas

[1] https://github.com/CardContact/OpenSC

--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Re: n-of-m threshold scheme

Andreas Schwier (ML)
For those of you interested in understanding the SmartCard-HSM's key backup
and restore mechanism using an n-of-m threshold scheme, we've provided a
step-by-step tutorial at [1].

Andreas

[1]
https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM#using-key-backup-and-restore

On 07.02.2013 15:29, Andreas Schwier (ML) wrote:

> Hi list,
>
> to satisfy enhanced key management requirements, we've added an n-of-m
> threshold scheme to the sc-hsm-tool.
>
> Using this scheme you can place the SmartCard-HSM's Device Key
> Encryption Key under sole control of m key custodians from which n can
> together reconstruct the secret key.
>
> The scheme provides for even better security than the DKEK share
> mechanism already available in the 0.13 version. Under the new scheme, a
> lost share does not mean a complete loss of the secret key. A lost share
> just reduces the number of available key custodians and has no impact on
> the DKEK unless fewer than n shares are left available.
>
> The code is available in our repository at GITHUB [1] and a pull request
> has been created to move the code into the OpenSC master branch.
>
>
> Kind regards,
>
>
> Andreas
>
> [1] https://github.com/CardContact/OpenSC
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

