Feature request: Signed Random Data

Nitrokey / nitrokey-3-firmware

Nitrokey 3 firmware

Apache License 2.0

245 stars 25 forks source link

Feature request: Signed Random Data #426

Open rrottmann opened 9 months ago

rrottmann commented 9 months ago

Would it be possible to optionally sign generated random data on device before leaving it so that it is verifiable to originate from the Nitrokey?

The quality of random data can be tested but the origin usually cannot be guaranteed.

Benefits:

Integrity of the generator, integrity of the data and the origin can be guaranteed.
Usable as public RNG (for usecases similar to https://drand.love but selfhosted - like timelocks)

daringer commented 9 months ago

hey @rrottmann - great idea - moved this into the nk3-fw repository, because random number generation is currently a core feature not associated directly with a specific app.