Nitrokey / nitrokey-pro-firmware

Firmware for the Nitrokey Pro device
GNU General Public License v3.0
117 stars, 21 forks

Customise firmware #84

Closed SteynSieveo closed 3 years ago

SteynSieveo commented 3 years ago

Hi there!

We are interested in using your Nitrokey HSM for some software projects, but we have the requirement of enabling the HSM with crypto that is yet to be standardised - in particular pairing-based ECC BN from https://github.com/miracl/core

We are happy with doing the work ourselves, and from what I can see here it sounds like we could modify the firmware to add this type of functionality, but I am not 100% sure about it. Is this possible in theory to add this type of functionality and have private keys protected in a device like the Nitrokey HSM and have the HSM do signing?

jans23 commented 3 years ago

In general, the entity which protects cryptographic keys also needs to compute the algorithm. Because smart cards don't support your algorithms yet, the only option is to add support to the firmware which runs on the MCU. I strongly recommend doing this on the Rust-based platform Trussed of our upcoming Nitrokey 3. Your contributions are very much welcome.

Because this ticket belongs to a different project, I'm closing it.

jans23 commented 3 years ago

Here is a trial wrapping already.

SteynSieveo commented 3 years ago

@jans23 that is excellent, thank you! I'll have a look at it. I'm not really familiar with Rust, but I've only heard good things so far, and coming from C/C++ it seems like it is not too much of a leap.

Trussed looks really interesting. :)