Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Content provided by CCC media team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by CCC media team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !
Treceți offline cu aplicația Player FM !
Boring infrastructure: Building a secure signing environment (asg2024)
MP4•Pagina episodului
Manage episode 442104854 series 2475293
Content provided by CCC media team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by CCC media team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments. This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/signstar/) project, which is currently under development by Arch Linux to provide a generic signing solution based on a Hardware Security Module (HSM). To improve build automation and general supply chain security for Arch Linux, some of its developers have started to conceptualize and work on a generic, central signing solution: [Signstar](https://gitlab.archlinux.org/archlinux/signstar/). In this context, related work has been evaluated for adoption, but it soon became clear, that to meet the distribution's requirements a custom solution would be implemented. For transparency and auditability reasons Nitrokey's NetHSM has been chosen as Hardware Security Module (HSM). Developers are actively working on a high-level Rust library and CLI to interface with the device over network. In this presentation I will introduce the viewer to some of Arch Linux's relevant history and requirements, the evaluated architecture and setup. Together we will have a look at Signstar's threat model, its design for minimizing credentials exposure of the HSM, as well as its integration with the OpenPGP ecosystem. Additionally, we will explore avenues for future work on other generic cryptographic operations in the context of X.509, SSH and Secure Boot. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/WWEGGC/
…
continue reading
1826 episoade
MP4•Pagina episodului
Manage episode 442104854 series 2475293
Content provided by CCC media team. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by CCC media team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Many Linux distributions rely on cryptographic signatures for their packages and release artifacts. However, most of the used signing solutions either do not rely on hardware backed private key material or are run in untrusted environments. This presentation will provide a general overview of the [Signstar](https://gitlab.archlinux.org/archlinux/signstar/) project, which is currently under development by Arch Linux to provide a generic signing solution based on a Hardware Security Module (HSM). To improve build automation and general supply chain security for Arch Linux, some of its developers have started to conceptualize and work on a generic, central signing solution: [Signstar](https://gitlab.archlinux.org/archlinux/signstar/). In this context, related work has been evaluated for adoption, but it soon became clear, that to meet the distribution's requirements a custom solution would be implemented. For transparency and auditability reasons Nitrokey's NetHSM has been chosen as Hardware Security Module (HSM). Developers are actively working on a high-level Rust library and CLI to interface with the device over network. In this presentation I will introduce the viewer to some of Arch Linux's relevant history and requirements, the evaluated architecture and setup. Together we will have a look at Signstar's threat model, its design for minimizing credentials exposure of the HSM, as well as its integration with the OpenPGP ecosystem. Additionally, we will explore avenues for future work on other generic cryptographic operations in the context of X.509, SSH and Secure Boot. Licensed to the public under https://creativecommons.org/licenses/by/4.0/de/ about this event: https://cfp.all-systems-go.io/all-systems-go-2024/talk/WWEGGC/
…
continue reading
1826 episoade
Όλα τα επεισόδια
×Bun venit la Player FM!
Player FM scanează web-ul pentru podcast-uri de înaltă calitate pentru a vă putea bucura acum. Este cea mai bună aplicație pentru podcast și funcționează pe Android, iPhone și pe web. Înscrieți-vă pentru a sincroniza abonamentele pe toate dispozitivele.