|
|
Subscribe / Log in / New account

Secure key handling using the TPM

October 17, 2018

This article was contributed by Tom Yates

Kernel Recipes

Trusted Computing has not had the best reputation over the years — Richard Stallman dubbing it "Treacherous Computing" probably hasn't helped — though those fears of taking away users' control of their computers have not proven to be founded, at least yet. But the Trusted Platform Module, or TPM, inside your computer can do more than just potentially enable lockdown. In our second report from Kernel Recipes 2018, we look at a talk from James Bottomley about how the TPM works, how to talk to it, and how he's using it to improve his key handling.

Everyone wants to protect their secrets and, in a modern cryptographic context, this means protecting private keys. In the most common use of asymmetric cryptography, private keys are used to prove identity online, so control of a private key means control of that online identity. How damaging this can be depends on how much trust is placed in a particular key: in some cases those keys are used to sign contracts, in which case someone who absconds with a private key can impersonate someone on legal documents — this is bad.

The usual solution to this is hardware security modules, nearly all of which are USB dongles or smart cards accessed via USB. Bottomley sees the problem with these as capacity: most USB devices can only cope with one or two key pairs, and smart cards tend to only hold three. His poster child in this regard is Ted Ts'o, whose physical keyring apparently has about eleven YubiKeys on it. Bottomley's laptop has two VPN keys, four SSH keys, three GPG keys (because of the way he uses subkeys) and about three other keys. Twelve keys is beyond the capacity of any USB device that he knows of.

[James Bottomley]

But nearly all modern general-purpose computing hardware has a TPM in it; laptops have had them for over ten years. The only modern computers that don't have one, said Bottomley, are Apple devices "and nobody here would use one of those". The TPM is a small integrated circuit on the motherboard that the CPU can talk to, which can perform cryptographic operations. The advantage of using the TPM for key management is that the TPM can scale to thousands of keys, though the mechanism by which it does this is, as we shall see, interesting. Most of the TPMs currently in the field are TPM 1.2 compliant. Thanks largely to Microsoft, he added, TPM 2.0 is the up-and-coming standard; some modern Dell laptops are already shipping with TPM 2.0, even though the standard isn't actually finalized yet.

The main problem with TPMs under Linux is that accessing them has been a "horrifically bad" experience; anyone who tried to use them has ended up never wanting to deal with them again. The mandated model for dealing with TPMs is the Trusted Computing Group (TCG) Software Stack (TSS), which is "pretty complicated". The Linux implementation of TSS 1.2 is TrouSerS; it was completed in 2012, and has "bit-rotted naturally since then", but remains the only way to use TPM 1.2 under Linux. The architecture involves a TrouSerS library that is linked to any relevant application, which talks to a user-space daemon (tcsd), which in turn talks to the TPM through a kernel driver. One of the many issues Bottomley has with this is that the daemon is a natural point of attack for anyone looking to run off with TPM secrets. For his day job, which is running containers in the cloud, the design is completely unacceptable: cloud tenants will not tolerate "anything daft in security terms", and a single daemon through which the secrets of all the system's tenants pass is certainly that.

The added functionality in TPM 2.0 means we can do much better than the TCG model. For many people in the industry, departure from the TCG model is heresy, but fortunately, said Bottomley, there are large free-wheeling sections of the industry (i.e. Linux people) who are happy to use any programming model that actually works. As with 1.2, the TCG is writing a software stack, but it's naturally even more complex than 1.2's TSS. IBM has had a fully-functional TPM 2.0 stack since May 2015 and Intel is writing its own. As of 4.12, the Linux kernel has a TPM 2.0 resource manager.

Under TPM 1.2, the asymmetric encryption algorithm was 2048-bit RSA (RSA2048), which is still good enough today. The hashing function was SHA-1, which isn't good enough any more. To avoid falling into the trap of mandating an algorithm that ages badly, TPM 2.0 features "algorithm agility", whereby it can support multiple hashing functions and encryption algorithms, and will use whichever the user requests. In practice, this usually means that in addition to SHA-1 and RSA2048, SHA-256 and a few elliptic curves are supported, and this is good enough for another few years. When SHA-256 starts to show its age, TPM 2 can support a move to, for example, the SHA-3 family of algorithms.

There are problems with elliptic curves, however; most TPMs support only BN-256 and NIST P-256, but nobody uses the former, and the NSA had a hand in the creation of the latter, so nobody trusts it. Attempts to get more curves added tend to run into borders; some nations don't like crypto being exported, and others will only allow it to be imported if it's crypto they like. Curve25519 has not apparently even been on the TCG's radar, although Bottomley said there's now a request into the TCG to approve it, and since it's already been published worldwide, there is some chance that it may be generally approved as a standard addition to the TPM.

The TPM's functions include shielded key handling, things related to trusted operating systems including measurement and attestation, and data sealing; Bottomley focused on the key-handling capabilities. The TPM organizes keys in hierarchies with a well-known key at the top; this is a key, generated by the TPM, the private half of which is known only to the TPM itself, and the public half of which it will give to anyone who asks. This enables the secure exchange of secrets with the TPM. If the TPM is reinitialized, the random internal seed from which the TPM derives its well-known key is regenerated, and anything the TPM has ever encrypted becomes unusable. This is important in terms of decommissioning devices; reinitializing the TPM is enough to render it, and anything it has ever encrypted, harmless.

Bottomley said that the TPM is capable of scaling to thousands of keys. While that's not exactly false, the TPM accomplishes this by not storing any of your keys at all. The TPM has very little memory and can only hold around three transient keys at any one time. Key handling is initially a matter of feeding a secret key to the TPM, which encrypts it into a "key blob" that only the TPM can read, which the TPM then gives back to you. Key storage is your responsibility, but with the safety net that these key blobs are meaningless to any TPM save yours, so they are not the difficult-to-store dynamite that an unprotected private key is. You can safely pass the blob in plaintext to the TPM any time you want the TPM to perform a key operation. The TPM will not decrypt a blob and give you the private key inside it; it will only perform operations with such a key. This also means that if you want to make backups of a private key, it is quite important to do it before you feed it to the TPM. If you ever get a new system, migrating your identity to it will not be possible unless you have these backups stored safely.

Prior to about March 2018, it was generally thought the the physical closeness of the CPU and the TPM made the channel between them effectively secure, at least without physical access to the hardware. Unfortunately, this has turned out not to be true, and a software tool called TPM Genie, which can attack this channel, was released. TCG's response was to develop the Enhanced System API (ESAPI), which allows for encrypted parameters in communication with the TPM (and for those of a suspicious mindset, it also allows the TPM to prove it's really a TPM).

ESAPI has its wrinkles: encrypted commands support only one encrypted argument, which must be the first, but some secret-handling commands, such as the one to import a private key in the first place, pass that key as the second argument, which was apparently overlooked by the TCG. But these problems were solved (in that specific case, by modifying the import command so that a randomly generated single-use symmetric key was used to encrypt the private key, and passed in the secure first field so that the TPM can decrypt the private key).

Having hardware support is all very well, but if user space can't easily come to grips with it, it's useless. Support in user space has come by recognizing that existing cryptosystems tend to use passphrase-protected (i.e. passphrase-encrypted) key files. With fairly small modifications, these can be passphrase-protected key blobs; possession of the passphrase allowing you to enable the OS to feed the blob to the TPM. This turns key-file-based systems into full two-factor authentication: if your laptop is stolen, each blob is passphrase-encrypted and cannot be fed to the TPM without that passphrase, and if your passphrase is compromised it is of no use to an attacker without your physical laptop.

OpenSSL now has a TPM 2.0 engine, though there is a problem in that many projects that use OpenSSL don't load the engine part of the API, thus cannot use engine-based keys. However, the fix is usually just a couple of lines of extra code in any program that uses OpenSSL, to ensure that the engine is loaded when OpenSSL is initialized. OpenVPN, for example, has been converted this way and can use the TPM. OpenSSH has been converted, though the agent requires additional patching. GnuPG uses libgcrypt, not OpenSSL, but after discussion at last year's Kernel Recipes, Bottomley has written a TPM module for GnuPG, which he demonstrated as part of the talk. Sbsigntools and gnome-keyring also now have TPM support. Some use cases remain unsupported: the TPM is a slow, low-power device that cannot handle hundreds of key operations per second, so it will likely remain unusable for things like full-disk encryption.

In response to an audience question about audit, Bottomley accepted that TPM 1.2 was poor in this regard. This allowed a number of issues to slip through the net, such as weak prime generation for Infineon TPMs. For TPM 2.0, the TCG has upped its game; there is a certification program involving a standardized test suite to check correct operation. There is also a reference implementation, written by Microsoft, but available under a BSD license, though apparently it is not widely used by TPM vendors.

The days of practical username/password authentication have already gone. The more we can support two-factor authentication, the more secure a future we can reasonably expect. The TPM is by no means the only way of doing this — I shall continue to use my YubiKey over NFC, and my GPG smartcard — but as TPM 2.0 hardware becomes more widespread it's an increasingly practical way of doing it, and it gets utility from a part of your computer that until now may have largely been looked on with disdain.

[We would like to thank LWN's travel sponsor, The Linux Foundation, for assistance with travel funding for Kernel Recipes.]

Index entries for this article
SecurityEncryption/Key management
GuestArticlesYates, Tom
ConferenceKernel Recipes/2018

to post comments

Secure key handling using the TPM

Posted Oct 17, 2018 16:58 UTC (Wed) by epa (subscriber, #39769) [Link] (19 responses)

From the sound of it, if access to the TPM is mediated by the kernel, then for some applications you don't need a physical TPM at all. After all, if you can't trust the kernel there are probably equally bad problems as loss of a private key. (This is certainly not true in all applications, hence the desire for a hardware TPM that stays secure even if the kernel is compromised -- but just as certainly there are cases where it does hold, and any attacker who controls the kernel can already do all the bad things you're worried about.)

That suggests a virtual TPM in software, but exposed using the same kernel interface, would be a useful thing to have for some virtualization applications, for debugging, and for systems that don't have a hardware TPM but nonetheless want to run software that expects one (at the user's own risk, of course).

Secure key handling using the TPM

Posted Oct 17, 2018 17:01 UTC (Wed) by jgg (subscriber, #55211) [Link] (17 responses)

The tpm subsystem supports this, and I recall qemu can work with emulated tpm as well.

Secure key handling using the TPM

Posted Oct 17, 2018 17:03 UTC (Wed) by jgg (subscriber, #55211) [Link] (16 responses)

What I would really like to see is for distros to start supporting tpm for holding the disk encryption key. It is rediculous how far ahead Windows is here.

Secure key handling using the TPM

Posted Oct 17, 2018 17:24 UTC (Wed) by rdoty (guest, #39529) [Link] (2 responses)

The Clevis module in Network Bound Disk Encryption (NBDE) has added support for TPM2. It is initially included in Fedora 28. Details available at https://blog.dowhile0.org/2017/10/18/automatic-luks-volum...

Secure key handling using the TPM

Posted Oct 19, 2018 7:56 UTC (Fri) by jgg (subscriber, #55211) [Link] (1 responses)

I thought NBDE was for servers not latops? Interested in the laptop use case here..

Secure key handling using the TPM

Posted Oct 19, 2018 12:37 UTC (Fri) by rdoty (guest, #39529) [Link]

The original use case for NBDE was servers in a data center or VPN environment. The addition of TPM2 support adds more security - you can require both TPM and a network server - and opens up new use cases like desktops and laptops. The PIN base architecture of the Clevis client provides a flexible way to add new ways to unlock keys, and the policy capability of Clevis allows you to use multiple PINs.

Secure key handling using the TPM

Posted Oct 17, 2018 17:36 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (12 responses)

Windows has the advantage of a sufficiently large security team and support infrastructure that they can support escrowing the Bitlocker keys and allowing users to recover them when system measurements change. All the pieces exist to do this in Linux, the problem is that it's a terrible user experience when an update results in them being locked out of their machine.

Secure key handling using the TPM

Posted Oct 17, 2018 18:05 UTC (Wed) by jejb (subscriber, #6654) [Link] (11 responses)

> All the pieces exist to do this in Linux, the problem is that it's a terrible user experience when an update results in them being locked out of their machine.

Just to clarify: what Matthew is talking about is where you tie keys to policy such as specific measurement values: the policy (and thus the key its tied to) needs to change if the measurements do. In the interests of full disclosure, the openssl engine I was talking about does have the ability to work with policy limited keys. However, because of the difficulty pointed out, I would recommend most people don't use this in their first foray into TPM protections.

The other difficulty about Bitlocker and Linux disk encryption is that the TPM cannot protect the keys used because it's far too slow for the bulk encryption requirements, so the TPM is used to store the symmetric disk key and release it under specific requirements for the OS to do the bulk encryption. With bitlocker these release requirements do include a password and an OS measurement policy but we could begin in Linux with simply requiring a password.

Secure key handling using the TPM

Posted Oct 17, 2018 19:52 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (10 responses)

Password protection makes some sense here, but it ends up depending somewhat on your threat model. If you're using argon2id as the key derivation function (as is supported in recent versions of cryptsetup) then brute-forcing the disk passphrase isn't realistically possible in any case - it'd be cheaper to decap the TPM and read stuff out of it than it would be to throw enough compute at the brute-force job, so using the TPM is then arguably weaker than not doing so. The only real benefit you're getting is that stealing the drive on its own gets you nothing. Using policy-bound keys at least gives you the advantage of being able to boot an encrypted FS without requiring user interaction, at the cost of needing some reasonable way to handle recovery.

Secure key handling using the TPM

Posted Oct 17, 2018 19:57 UTC (Wed) by rdoty (guest, #39529) [Link] (9 responses)

Doesn't decapping the TPM need to be compared to other ways of _providing_ the disk passphrase? Manual entry of the disk passphrase, for example, is subject to everything from hardware keyloggers to software reading user input. Or am I missing something?

Secure key handling using the TPM

Posted Oct 17, 2018 21:40 UTC (Wed) by mjg59 (subscriber, #23239) [Link] (8 responses)

If you're able to intercept the user typing the password (or compel the user to provide their password in any other way) then using the TPM gives you no benefit over not using the TPM.

Secure key handling using the TPM

Posted Oct 18, 2018 6:43 UTC (Thu) by smurf (subscriber, #17840) [Link] (7 responses)

Again, that depends on the threat model. You're assuming that the adversary has access to the complete computer.

If they can "only" get away with [a copy of] the disk, the TPM approach does improve security.

Secure key handling using the TPM

Posted Oct 18, 2018 7:25 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (6 responses)

You need to construct a pretty elaborate model to be able to obtain someone's password without either:

a) Having physical access to the system, or
b) Having enough control over the system to be able to exfiltrate the contents of the disk after it's been unlocked

Secure key handling using the TPM

Posted Oct 18, 2018 16:46 UTC (Thu) by smurf (subscriber, #17840) [Link] (5 responses)

Obtaining an unlock password is easy. You watch the target type it – either directly or via a surveillance camera.

Then you borrow the disk for a couple of hours – while they're asleep, off on a date, or whatever.

Secure key handling using the TPM

Posted Oct 18, 2018 16:51 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (4 responses)

If you can borrow the disk then why wouldn't you just borrow the computer? It's going to be massively faster than taking the system apart to extract the disk, and for a bunch of modern laptops with flash on the motherboard you're not even going to be able to do that.

Secure key handling using the TPM

Posted Oct 19, 2018 7:54 UTC (Fri) by jgg (subscriber, #55211) [Link] (3 responses)

It isn't taking the disc that worries people, it is copying it.

If I borrow your computer, disassemble it, clone the disk, then put it back, you have no idea it was stolen and I can access your data as soon as I observe the passphrase through some means.

With the TPM even if I do all of these steps I can't decrypt the copy of the drive as I need the physical TPM as well.

Of course if I steal the entire computer then more options are possible, but at least you'll know the computer was stolen and can take counter-mesaures, ie re-keying online accounts, etc.

Secure key handling using the TPM

Posted Oct 19, 2018 8:42 UTC (Fri) by mjg59 (subscriber, #23239) [Link] (2 responses)

So the threat model is one where I have physical access to your computer before I know your passphrase, but don't afterwards?

Secure key handling using the TPM

Posted Oct 19, 2018 15:44 UTC (Fri) by jejb (subscriber, #6654) [Link] (1 responses)

A couple of observations on this argument:

Firstly neither system protects the case where the attacker got the passphrase by looking over your shoulder and then runs off with your laptop because even in the bitlocker case the measurements won't change when the attacker unlocks.

Secondly, I think there is value to having the TPM dictionary attack protections against brute forcing the password. I don't buy the argon2id brute forcing argument because most people do have insecure passphrases which a dictionary attack will eventually crack given enough compute power. I also don't buy the idea that training people not to use memorable words is the way forward because then they tend to write them down (especially if you force them to change their unmemorable passphrase every couple of months), so TPM DA protections do give benefits in the average user case where they're using a memorable word as the passphrase.

Plus simply placing the decryption key in the TPM is a big step towards implementing policy based protections around it, so it would be a good first step to take regardless of any additional security benefits.

Secure key handling using the TPM

Posted Oct 20, 2018 12:58 UTC (Sat) by mjg59 (subscriber, #23239) [Link]

argon2id is sufficiently RAM intensive that you're going to need to throw significant resources at it even if the user is using a low entropy password. If the user's using a high entropy password then it's effectively unbreakable, whereas a TPM is, well, not. I definitely think there's value in using TPMs, but for this kind of thing I think there's more value in trying to reduce PCR fragility and using them as a way of improving user experience.

Secure key handling using the TPM

Posted Oct 17, 2018 17:58 UTC (Wed) by jejb (subscriber, #6654) [Link]

> if you can't trust the kernel there are probably equally bad problems as loss of a private key

So there are things you can do about this. A fully untrusted kernel is a hugely difficult problem but a trusted but vulnerable one (meaning it's your kernel but someone could gain access via an exploit) is much easier because the more interception channels you shut down the less likely the exploit is to gain access.

However, the point about the TPM is that even a fully untrusted kernel can't gain access to the key you place in the TPM if you do it correctly. The handheld market is working on this (where you can root the system but can't get access to their credentials) but there's a huge amount of work that goes into "... do it correctly".

Secure key handling using the TPM

Posted Oct 17, 2018 17:06 UTC (Wed) by GennaroReinger (guest, #127208) [Link]

Here's link to the talk. I couldn't find it in the article.

https://kernel-recipes.org/en/2018/talks/tpm-enabling-the...

TPM proof?

Posted Oct 17, 2018 18:02 UTC (Wed) by smurf (subscriber, #17840) [Link] (3 responses)

How can the TPM prove that it's really a TPM, instead of some software emulating one?

TPM proof?

Posted Oct 17, 2018 18:09 UTC (Wed) by jejb (subscriber, #6654) [Link] (2 responses)

> How can the TPM prove that it's really a TPM, instead of some software emulating one?

TPMs come with an endorsement key (EK) certificate signed by the manufacturer. Thus you run an X509 verification on this key which proves the public part of the EK (provided you trust the manufacturer, of course) and then the TPM itself will give you various proofs signed by the EK which you can externally verify.

The proposal for defeating TPM Genie with the in-kernel TPM handling relies on the kernel simply using the NULL seed primary as an encryption key but userspace proving after boot that this is indeed a key genuinely produced by the expected TPM.

TPM proof?

Posted Oct 21, 2018 15:03 UTC (Sun) by jboone (guest, #128043) [Link] (1 responses)

I suppose there are a few downsides to asking userspace to verify the key.

First, if a man-in-the-middle (interposer) sits on the bus between the kernel and the TPM peripheral, then by the time that userspace executes, the kernel may have already been compromised. For example, this MITM can spoof measurements that are extended into PCRs, making it appear as if a malicious kernel is in fact legitimate. A compromised kernel should be able to present the real key to userspace.

The kernel could itself verify the key prior to communicating with the TPM (for the purposes of PCR extends, unsealing secrets, etc). But I understand why we may not want to do key verification in the kernel, asking the kernel to keep copies of public keys [1] for every TPM manufacturer is a maintenance problem. As an aside, similar challenges are faced by other peripheral drivers, such as the USB Type-C Authentication scheme [2] and the more recent PCIe Device Security Enhancements [3].

The above also holds true for the pre-kernel boot environment. Each boot stage needs to be able to securely communicate with the TPM. As with the kernel, the PCR Extend operations that are performed by the platform's bootloader(s) must be integrity protected. This requires knowledge of the HMAC shared secret, which must be kept hidden from a MITM. So we once again encounter the same problem that is faced by the kernel.

[1] https://www.st.com/content/ccc/resource/technical/digital...
[2] https://community.nxp.com/servlet/JiveServlet/downloadBod...
[3] https://www.intel.com/content/www/us/en/io/pci-express/pc...

TPM proof?

Posted Oct 21, 2018 15:05 UTC (Sun) by mjg59 (subscriber, #23239) [Link]

One of the benefits of running the TPM stack on the ME is that MITM becomes a significantly tougher problem (and on chips where the PCH is on package, basically impossible) - I'm actually leaning towards using PTT rather than a physical TPM where possible.

" Twelve keys is beyond the capacity of any USB device that he knows of..."

Posted Oct 18, 2018 9:18 UTC (Thu) by Herve5 (subscriber, #115399) [Link] (1 responses)

I understand some of the Nitrokeys can offer 20 RSA key pairs and 30 ECC ones; mine, the 'storage' version, only supports 3 + 3 but also offers Gbytes of encrypted memory that I trust reasonably unreachable...
Thus my very naive question : is it really less safe to store keys on an encrypted Nitrokey volume?
H.

" Twelve keys is beyond the capacity of any USB device that he knows of..."

Posted Oct 18, 2018 12:33 UTC (Thu) by Herve5 (subscriber, #115399) [Link]

(answering to myself) OK, sorry for second part the above. Obviously, just mounting the Nitrokey encrypted volume means any borked system can access my precious keys...

Secure key handling using the TPM

Posted Oct 18, 2018 15:47 UTC (Thu) by dps (guest, #5725) [Link] (6 responses)

I might be badly informed, or one a weird band that buy memory, cpus, motherboards, etc separately (and don't buy windows). At least 98% of the moderateoy cheap brand new motherboards I have condisdered don't have a tpm.

A lot of these mothebostds offer at most minimal uefi support. I find it hard to believe that just people like me are sufficient to make these tpm free motherboards economic.

I think that despite the propaganda most people don't have a tpm. Even microsoft probably can't afford not to support those that can't use uefi.

Secure key handling using the TPM

Posted Oct 18, 2018 18:17 UTC (Thu) by pizza (subscriber, #46) [Link] (5 responses)

In order to ship something with Windows 10 (Client), Microsoft mandates use of UEFI, secure boot, and a TPM.

Secure key handling using the TPM

Posted Oct 18, 2018 18:26 UTC (Thu) by mjg59 (subscriber, #23239) [Link] (2 responses)

…although I believe the TPM can be in the form of software running on the ME or SPU.

Secure key handling using the TPM

Posted Oct 18, 2018 19:49 UTC (Thu) by zlynx (guest, #2285) [Link]

All of the AMD Ryzen CPUs offer what they call a fTPM. f for Fake, maybe? (No, really it is Firmware).

It's implemented on the CPU via their PSP (Platform Security Processor). Essentially the same thing as Intel's ME.

Secure key handling using the TPM

Posted Oct 19, 2018 9:46 UTC (Fri) by nix (subscriber, #2304) [Link]

So long as they're not running it in SGX enclaves. L1tf showed us how much *that* security was worth.

Secure key handling using the TPM

Posted Oct 20, 2018 23:48 UTC (Sat) by dps (guest, #5725) [Link] (1 responses)

I have personally run Windows 10 on a laptop without uefi firmware and secure boot. It did have a tpm but I did briefly run Windows 10 with it disabled to upgrade infeon's insecure firmware. Modulo bitlocker there where no problems.

I doubt bitlocker is useful enough justify spenfing an extra £300+ more for most people.

Secure key handling using the TPM

Posted Oct 21, 2018 0:10 UTC (Sun) by pizza (subscriber, #46) [Link]

That laptop was not sold with Windows 10.

Anything sold as new today is unlikely to have been tested with anything other than Windows 10, and even then only in the configuration that MS requires (ie UEFI with secure boot).

Secure key handling using the TPM

Posted Oct 19, 2018 10:10 UTC (Fri) by grawity (subscriber, #80596) [Link]

> most USB devices can only cope with one or two key pairs, and smart cards tend to only hold three.

I'd be slightly surprised if that were true for USB-stick-shaped smartcards at least. (Especially when they don't have the size constraints that actual cards do...)

Yes, Yubikeys and other tokens implementing the PIV spec have 3 primary keypair slots for specific tasks – but they also have 20 additional "retired key" slots into which an obsolete primary keypair can be moved, so clearly the memory capacity is present, just the firmware is somewhat restrictive about it.

Here I have an old Aladdin eToken 72K USB token which uses a more freeform structure, I can upload as many keypairs as the ~72 kB memory will fit – although I've never tried more than six. (Unfortunately it's EOL and won't go above RSA2048 either. But wouldn't modern devices have at least similar capacity?)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds