Open Jkd-eth opened 4 weeks ago
I think AWS Nitro sounds like it could do something similar for us? https://aws.amazon.com/ec2/nitro/ Particularly the Nitro Security Chip, at first glance.
I believe that with this, we could have the chip generate it's own public/private key pair, and never reveal the private key even to us. Then we just send it data to sign/hash.
But if we do this, we'll probably need to think of some sort of system for rolling to a new keypair if we lose access to the original (since we won't have any backups, since it defeats the purpose). So we'll need to think that through.
This seems better than having to run our own dedicated hardware for this task.
We should timebox this to 2 days.
We should look into AWS Nitro and HSM. What is the difference between these solution (pros & cons). In either case we should come up with a process for key rotation.
User Story:
As the Passport team, I want to ensure that the cryptographic keys used for hashing and signing are secured against exposure, So that the integrity and security of the platform are maintained, preventing the potential doxing of 1.3 million addresses or other critical security breaches.
Acceptance Criteria
GIVEN the high sensitivity of cryptographic keys used in Passport's operations, WHEN evaluating secure storage and management options for these keys, THEN we should identify the best solution, whether it's an HSM, Amazon Nitro, or another technology, to ensure the highest level of security and minimize the risk of key exposure.
Exploration Goals
Timebox to 2 days (Gerald's comment below)
Product & Design Links:
N/A
Tech Details:
Open Questions:
Notes/Assumptions:
Feedback from Octant: It’s possible to transition to a more secure key management solution without significant operational disruption, potentially using credential versioning and a hybrid signing method (
sign_by_hsm(hash(pii)
), for example). We might need to run parallel systems during the transition to ensure security and functionality.