Authenticating info on a "compromizable" system
Jean-François Dagenais
jeff.dagenais at gmail.com
Tue Nov 20 04:57:13 CET 2012
Hi all,
BTW, I am a seasonned programmer, systems designer and kernel hacker but totally
new to cryptography. I am in the process of trying to absorb information right
now about gpg...
I would like to shortcut to my destination faster however. Hope someone can give
some clues and/or directions.
We have a linux embedded system (yocto based) which, once into the wild, can
essentially be considered compromizable, i.e. root access, replace kernel,
software, etc.
We write information in EEPROMs which are located on 2-3 components (physical
electronic boards) in the system. The information is of the kind: - product id
number - board serial number - unit serial number - etc.
I want to sign the content somehow (not encrypt it, it's not sensitive info) so
that the running software (which could be compromized remember) can authenticate
the information as coming from the company, it's production crew, or authorized
resellers which may have to perform board swapping and such.
Authentication ensures we can detect system tempering honour software options,
warranty and such. Of course we want to make it hard for attackers to fake this,
it doesn't have to be bullet-proof.
I thought of generating a key for this purpose, call it "Production key", with a
passphrase on it. Authorized people are given the passphrase. And the software
has the public key obfuscated in its bowels. Rotate the obfuscation on each
update release to mess with the attacker.
This is too simple to be useable I imaging, hence reaching out to the mailing
list.
As a side question, if the "Production key" pgp key-pair has a passphrase on it,
can it's .gnupg dir with the trustdb.gpg be out in the wild? I ask because the
EEPROM update tool might have be distributed with the system.
Thanks for the pointers... until then, I will go back to scanning the
documentation for clues ;)
/jfd
More information about the Gnupg-users
mailing list