diff --git a/README.md b/README.md index 6ea10be..f7e59e7 100644 --- a/README.md +++ b/README.md @@ -2,111 +2,111 @@ This is a project to create a Hardware Security Module (HSM) with a Raspberry Pico. It converts your Pico board into a HSM which is able to generate and store private keys, encrypt or decrypt with AES or signing data without to disclose the private key. In detail, the private key never leaves the board and it cannot be retrieved as it is encrypted in the flash memory. ## Capabilities -### Key generation and encrypted storage +### > Key generation and encrypted storage Private and secret keys are stored with a master AES 256 key (DKEK). The DKEK is, at the same time, encrypted with a hashed and salted version of the PIN. **No private/secret keys, DKEK or PIN are stored in plain text ever. Never.** -### RSA key generation from 1024 to 4096 bits +### > RSA key generation from 1024 to 4096 bits RSA key generation in place for 1024, 2048, 3072 and 4096 bits. Private keys never leave the device. -### ECDSA key generation from 192 to 521 bits +### > ECDSA key generation from 192 to 521 bits ECDSA key generation in place for different curves, from 192 to 521 bits. -### ECC curves +### > ECC curves It supports secp192r1, secp256r1, secp384r1, secp521r1, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp192k1 (insecure), secp256k1 curves. -### SHA1, SHA224, SHA256, SHA384, SHA512 digests +### > SHA1, SHA224, SHA256, SHA384, SHA512 digests ECDSA and RSA signature can be combined with SHA digest in place. -### Multiple RSA signature algorithms +### > Multiple RSA signature algorithms It supports RSA-PSS, RSA-PKCS and raw RSA signatures. -### ECDSA raw and hash signature +### > ECDSA raw and hash signature ECDSA signatures can be in raw or pre-hashed formats. -### ECDH key derivation +### > ECDH key derivation It supports the calculation of shared secrets with ECDH algorithm. -### EC private key derivation +### > EC private key derivation It allows ECDSA key derivation.[^1] -### RSA-OEP and RSA-X-509 decryption +### > RSA-OEP and RSA-X-509 decryption It allows private decryption in place with RSA-OEP and RSA-X-509 algorithms. -### AES key generation +### > AES key generation It supports AES key generation in place with keys of 128, 192 and 256 bits. -### AES-CBC encryption/decryption +### > AES-CBC encryption/decryption AES encryption and decryption is performed in place. -### CMAC +### > CMAC It supports AES-CMAC authentication.[^1] -### AES derivation +### > AES derivation It supports AES secret key derivation.[^1] -### PIN authorization +### > PIN authorization Private and secret keys cannot be used without prior PIN authentication. It supports alphanumeric PIN. -### PKCS11 compliant interface +### > PKCS11 compliant interface The module can be interfaced with PKCS11 standard. -### HRNG (hardware random number generator) +### > HRNG (hardware random number generator) It contains a harware random number generator properly modeled to guarantee maximum entropy. -### Device Key Encryption Key (DKEK) shares +### > Device Key Encryption Key (DKEK) shares It supports DKEK share imports. DKEK are used to wrap, unwrap and encrypt private and secret keys in the device. -### DKEK n-of-m threshold scheme +### > DKEK n-of-m threshold scheme It supports a n-of-m threshold scheme to minimize outage when a DKEK custodian is not available during the import process. -### USB/CCID support with OpenSC, openssl, etc. +### > USB/CCID support with OpenSC, openssl, etc. Pico HSM has a full USB CCID stack to communicate with the host via OpenSC and PCSC. It allows the use of frontend applications such as OpenSSL via PKCS11 module. -### Extended APDU support +### > Extended APDU support It supports extended APDU packets, which allows up to 65535 bytes. -### CVC certificates +### > CV Certificates Pico HSM manipulates CVC certificates and requests to minimize the storage of internal certificates. -### Attestation +### > Attestation Every generated key is attached to a certificate, signed by an external PKI to ensure that a particular key is effectively generated by this specific device. -### Import external private keys and certificates +### > Import external private keys and certificates It allows private key and certificates import via WKY or PKCS#12 files.[^2][^3] -### Tranport PIN +### > Tranport PIN It allows transport PIN for provisioning and forcing to set a new PIN.[^2] It is a tampered mechanism that ensures the device has not been unsealed during the transportation from the issuer to the legitimate user. -### Press-to-confirm button +### > Press-to-confirm button It allows the use of BOOTSEL button to confirm operations with private/secret keys, such as signatures and decryption. When a private/secret key is loaded, the user has 15 seconds to press the button to confirm the operation. This feature protects the user from unwanted uses from background applications that may sign data without user notice. -### Store and retrieve binary data +### > Store and retrieve binary data It allows the storage of arbitrary files with binary data. -### Real time clock (RTC) +### > Real time clock (RTC) Pico HSM has a RTC with external datetime setting and getting. -### Secure Messaging (secure channel) +### > Secure Messaging (secure channel) Pico HSM supports secure channel, where the data packets between the host and device are encrypted to avoid man-in-the-middle attacks. -### Session PIN +### > Session PIN A specific session PIN can be set during the session opening to avoid the systemmatic use of PIN. -### PKI CVCert remote issuing for Secure Message +### > PKI CVCert remote issuing for Secure Message Secure channel messages are secured with a certificate issued by an external PKI. -### Multiple key domains +### > Multiple key domains Key domains are domains to store separate private/secret keys. Each domain is protected by a DKEK, independent from the other domains. Private/secret keys can be generated in different key domains to be used with separated DKEK. Therefore, a single device may contain different domains with independent keys. -### Key usage counter +### > Key usage counter A key usage counter is a counter that is reduced by 1 everytime that the private/secret key is used for signing, decrypting, derivation, etc. When it reaches 0, the key is disabled and cannot be used anymore. Key usage can also be used to perform and auditory and track the usage of a particular key. -### Public Key Authentication +### > Public Key Authentication Public Key Authentication (PKA) allows to authenticate by using a secondary device with a private key and a registered public key in the primary device. A challenge is generated by the primary Pico HSM and given to the secondary for signature. The secondary device signs the challenge and returns the signature. Then, the primary device verifies the signature with the registered public key and if it is valid, it grants full access, as normal PIN authentication. In PKA, the PIN is used for protecting the DKEK, as classic method with only PIN, and PKA is used for adding an extra security layer. Therefore, this mechanism provides a higher degree of security, since it needs a secondary Pico HSM to authenticate the primary one.