Modify private key shards to work with hardware tokens

osresearch / cosign

Cooperative RSA signing

BSD 3-Clause "New" or "Revised" License

25 stars 3 forks source link

Modify private key shards to work with hardware tokens #7

Open osresearch opened 4 years ago

osresearch commented 4 years ago

Is there someway to modify the key shards to work with hardware tokens that expect CRT parameters or primes? Or are there hardware tokens that can operate on the (n,e,d) private key without the CRT?

osresearch commented 4 years ago

The Nitrokey is open source and has a build-time option to do non-CRT RSA for private key operations. However it does not support the openssl pkcs11 engine right now, so it will need some adjustments to make it work.