Add support for public key authentication and n-of-m threshold scheme #594
Comments
|
On 10/29/2015 8:33 AM, CardContact Software & System Consulting wrote:
PKCS#11 does support CKF_PROTECTED_AUTHENTICATION_PATH flag in CK_TOKEN_INFO which could be used to indicate that this feature might be supported. PKCS#11 allows for *_VENDOR_DEFINED Objcts, Hardware Features, Certificate, Attributes, Mechanisms, Return values: One way would be to define a vendor_defined object or vendor_defined mechanisum. to pass out and in parameters needed to the authentication. Then to do the the ECDSA, C_Sign pointing at a special ECDSA key or keys one for each party. (In any case VENDOR_DEFINED values should all start with 2 bytes that would not conflict with some
Douglas E. Engert [email protected] |
|
CKF_PROTECTED_AUTHENTICATION_PATH is what I had in mind as well. I guess the problem to solve is how to plug public key authentication into C_Login. One way I could think of is to implement a RAMoverHTTP client that would allow an external component to perform the authentication steps. That way the pkcs#11 module in C_Login would connect to an authentication server and hand-over APDU access to the device. On the server the necessary authentication steps could be performed by key custodians logged into the server. Once authentication completes, the server terminates the connection and the module returns from C_Login. |
|
On 10/29/2015 1:23 PM, CardContact Software & System Consulting wrote:
This is an N-of-M authentication. Does the card know the public keys of the M possible keys? Application asks for attributes for a N-of-M vendor defined object, that returns the value of N, M and M challenges Application then uses other means (Maybe pkcs11 to access N cards) to have each of the challenges signed. When C_Login is then called without PIN, the above data is then presented to card, or card is told to verify the So all the authentication is done over one PKCS#11 session. Another way: Define one vendor define attribute for the token. A call to C_Login with NULL PIN starts the process. Application then gets N of the M challenges signed, and presents Only after N calls to C_Logins with userType set to CKU_CONTEXT_SPECIFIC is the
Douglas E. Engert [email protected] |
I guess the individual authentication steps could be implemented using However this approach requires a modification of the application to Maybe we need both. |
|
On 10/30/2015 4:09 AM, CardContact Software & System Consulting wrote:
OK, I can see how it could be very important to not change the application. Has anyone implemented PKI authentication for C_Login? i.e. a 1 of 1 version? An example of a vendor using the VENDOR_DEFINED features: Something similar that required multiple PINs was deprecated: 6.7 Secondary authentication (Deprecated)
Douglas E. Engert [email protected] |
|
A blog post explains the motivation and gives more background information. |
|
Cool. The presentation show it nicely. On 10/30/2015 9:23 AM, CardContact Software & System Consulting wrote:
Douglas E. Engert [email protected] |
|
Addressed in #1711 |
The newly released 2.0 version of the SmartCard-HSM (named "EA+" for extended authentication) supports public key authentication with a n-of-m threshold scheme.
The mechanism allows shared control over keys on a SmartCard-HSM, which is in particular useful for CA, sensitive SSH or code signing keys. It replaces the user PIN with a public key authentication scheme using ECDSA and a challenge-response protocol. The threshold scheme is defined during initialization and defines the total number of authentication keys and the quota required for a successful authentication.
As PKCS#11 does not support such an authentication mechanism directly, I would like to start a discussion how an integration with OpenSC could be accomplished.
The text was updated successfully, but these errors were encountered: