[messaging] Multiple devices and key synchronization: some thoughts

Trevor Perrin trevp at trevp.net
Mon Dec 29 18:25:45 PST 2014


On Mon, Dec 29, 2014 at 5:48 PM, Tony Arcieri <bascule at gmail.com> wrote:
>
> I kind of like the previously described idea of having a user register many
> public keys in a directory, one for each device they currently have
> enrolled, signed by a master key

I wrote an analysis of this, see cases 3 vs 4.

https://moderncrypto.org/mail-archive/messaging/2014/001022.html

In brief: cloning the private key is simpler and more efficient than
signature chains, avoiding the master / subordinate device distinction
seems like a better UX, and I don't think mitigating device compromise
via signature expiration or signed revocation statements has much
value here, since time sync and delivering revocation data are
unreliable.

> the important point here is that we're able to move a cryptographic
> key from device-to-device without any devices but the two involved in the
> exchange ever seeing the raw unencrypted keying material.

Yes.

> Typically this sort of "cloning" is actively avoided by modern crypto
> hardware devices though.

HSMs can generally export and import wrapped keys.  Some HSMs and
smartcards can execute code in the secure environment, in which case
you can do whatever you want.

Trevor

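The device-to-device key move that Tony describes, and the wrapped export/import that Trevor mentions for HSMs, as an added Go example that is not part of this thread: device A wraps its raw identity key to device B's ephemeral X25519 key, so only A and B ever hold it unencrypted. It assumes B's ephemeral public key was authenticated out of band during pairing (for instance by scanning it as a QR code); the function names, key types and the wrapInfo label are this example's own.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Hypothetical domain label for the wrap-key derivation; not from the thread.
const wrapInfo = "device-key-wrap-example"
// wrapAEAD: X25519 with the peer, then AES-256-GCM keyed by HKDF-SHA256 of the shared secret.
func wrapAEAD(ours *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := ours.ECDH(peer)
	if err != nil { return nil, err }
	ext := hmac.New(sha256.New, nil) // HKDF-Extract with empty salt
	ext.Write(shared)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // HKDF-Expand, first block only
	exp.Write(append([]byte(wrapInfo), 1))
	block, err := aes.NewCipher(exp.Sum(nil)) // 32-byte output: AES-256 key
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// bind is the AEAD associated data: both ephemeral public keys, so a relay that swaps either cannot decrypt.
func bind(a, b *ecdh.PublicKey) []byte { return append(a.Bytes(), b.Bytes()...) }
// WrapForDevice runs on the exporting device A: it encrypts A's raw identity
// key to B's ephemeral public key, so only A and B ever see it unencrypted.
func WrapForDevice(identityKey []byte, bPub *ecdh.PublicKey) (*ecdh.PublicKey, []byte, error) {
	aEph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	g, err := wrapAEAD(aEph, bPub)
	if err != nil { return nil, nil, err }
	nonce := make([]byte, g.NonceSize())
	if _, err = rand.Read(nonce); err != nil { return nil, nil, err }
	// Blob layout: nonce || ciphertext || GCM tag.
	return aEph.PublicKey(), g.Seal(nonce, nonce, identityKey, bind(aEph.PublicKey(), bPub)), nil
}
// UnwrapOnDevice runs on the importing device B, which alone holds bEph.
func UnwrapOnDevice(bEph *ecdh.PrivateKey, aPub *ecdh.PublicKey, blob []byte) ([]byte, error) {
	g, err := wrapAEAD(bEph, aPub)
	if err != nil { return nil, err }
	n := g.NonceSize()
	if len(blob) < n { return nil, errors.New("wrapped blob too short") }
	return g.Open(nil, blob[:n], blob[n:], bind(aPub, bEph.PublicKey()))
}
```

A relay or directory server that forwards the blob learns only the two ephemeral public keys and the ciphertext; it cannot decrypt it, and any tampering fails the GCM tag check on B.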