Trac Wiki converted to Pelican Markdown

The Trac Wiki that used to hold this site has been converted to a wiki-like setup using git, Markdown, Pelican, and m.css.

The git repository is configured to generate the web content from the Markdown automatically upon receiving a git push.

linkchecker may also be useful in validating the generated content.

External Project Tor HSM


The Tor network is defined by a small number, about ten, of special relays called Directory Authorities (DAs).

Directory Authorities sign the critical status votes and consensus status documents using SHA-1 and SHA-256 together with RSA-2048 or RSA-3072 once per hour, using medium-term on-line authority signing keys signed by …

Secure Channel

This is a sketch of a design for the secure channel that we want to have between the Cryptech HSM and the client libraries which talk to it. Work in progress, and not implemented yet because a few of the pieces are still missing.

Design goals and constraints

Basic design …

Release Notes

3.0, May 2017

  • New keystore implementation. Basically a very small flash filesystem, including basic wear leveling. Maximum number of keys varies depending on key size and how many options are attached, but for any reasonable use it should hold on the order of 2,000 keys at least.
  • In-memory …

Building Cryptech Software/Firmware/Bitstream From Source

Everything you need to build our software, firmware, and FPGA bitstreams from source yourself is publicly available, but the process is a bit complicated. Overall, there are two methods, one of which our developers use while writing this stuff, the other of which we use for the automated reproducible builds …

Disaster Recovery on the Alpha Board

This page covers a few likely (hopefully unlikely) oh-noes.

Oh no, I bricked my device

Recovering from a bad firmware install

You can upload new firmware through the bootloader. On power-up or reset, the bootloader flashes the blue LED for 10 seconds. During that time, start cryptech_upload:

$ cryptech_upload --firmware --user …

Upgrading the Cryptech Alpha HSM

This page explains how to upgrade the Cryptech Alpha firmware, bootloader, and FPGA bitstream (as needed).

All of the operations here use the Alpha's "management" (MGMT) port, so that cable must be connected to your Linux or OSX host machine.

Upgrading from the stock firmware (Berlin workshop or CrowdSupply)

The …

Upgrading Cryptech Alpha HSM to "ksng" development package

This page attempts to explain the upgrade procedure for testing out the new "ksng" development branch of the Cryptech Alpha firmware.


This particular upgrade is more complicated than we would have preferred, due to the interaction of two unrelated factors:

  1. As the name (obscurely) implies, the main feature in …

Alpha Sealed Bags

Chain of custody

At present, we can't make any statements at all about the integrity of the hardware before it reached us - assembled and ready.

We test and program the Alphas using a dedicated computer, but not in a secure facility by any means. A concerned user is advised to …

An Open Crypto Chip

The Layer Cake Architecture Picture


Use Cases

  • RPKI/DNSSEC Signing
  • Transport VPNs
  • Routers and TCP/AO
  • Email
  • Federations, Identity Systems, SSO etc
  • Password Stretching & HMAC:ing
  • PGP and SSH Keys on a Stick
  • High Quality Entropy Randomness
  • A Communications Terminal Doing One Thing Well, Like Jabber w/o X11
  • HSM …

Binary Packages for Cryptech Software and Firmware

The Cryptech Project maintains APT and Homebrew repositories containing packaged software for the Cryptech Alpha board for Debian and Ubuntu Linux and for Mac OS X. The binary packages also include pre-compiled images for the Alpha Board's Artix-7 FPGA, Cortex M4 ARM CPU, and AVR ATtiny828 MCU.

How to get …

Comparison of On-Chip Bus Standards


This document contains a brief summary of different on-chip bus standards. The standards are described and compared based on license and availability, technical specifications and general usage.

The purpose of the document is to provide a basis for selecting the primary bus standard for the Cryptech Open HSM project …

CrypTech Workshop, Praha, 18 July 2015


  • Hilton Hotel, the IETF venue
  • Amsterdam Room (this is a change)
  • 09:00 - 17:00


  • The CrypTech Team
  • Others Who Have Contributed
  • Other Folk at the Meeting

Workshop Goals

  • Get an understanding of the project status and roadmap
  • Discus your requirements and expectations with the team
  • Get hands-on …


DNSSEC Requirements


  • Should we even support SHA-1?
  • GOST?

Must implement

Target DNSSEC Algorithms:

  • RSA/SHA-256 (RFC 5702)
  • RSA/SHA-512 (RFC 5702)


  • Hash: SHA-256
  • Hash: SHA-512
  • Sign: RSA

Required PKCS11 Mechs:

  • CKM_RSA_PKCS (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)
  • CKM_SHA256
  • CKM_SHA512

Should implement

Target …

Noisy Diode entropy source

The Cryptech project is using Avalanche Noise as a physical entropy source connected to the FPGA.

Avalanche breakdown is a physical process that occurs when current is forced backwards through a diode until it cannot hold back anymore. The diode will then begin conducting for a brief time until the …

PKCS11 Proxy

The pkcs11-proxy is a way to tunnel PKCS11 over TCP (TLS). This page explains how to build and install PKCS11 proxy on the novena. There are various forks of this on github. We're going to use the SUNET fork since it support TLS-PSK for authentication out of the box. The …

Post Alpha Plan

The core dev team had a design meeting in Berlin after the alpha workshop. We came up with a plan for the hardware and the software work for the next few months:


Revision 04

This is targeted for the mid-flight revision in the 50 board order from propoint. For …

Posted by Paul Selkirk on in misc. updated

Project Management

v0.1 Resources

Human - 4-5 FTE

  • 0.5 Specifications
  • 1.0 FPGA Tools and Core
  • 1.0 Core Libraries and Interfaces
  • 0.5 QA & Docs
  • 0.5 Assured Linux Platform
  • 1.0 Coordination


  • 4 Bunnie Boards
  • 2 Altera Eval Systems
  • Linux Platform

Travel & Overhead

  • Travel $5k/mo
  • Communications $1k …

Project Status Dashboard

Product Component Requirements

State Component DNSsec Signing Let's Encrypt Tor Consensus Internal Ticket
Done AES / KEY WRAP Wrap/Bkup #17
ECDSA p256 secondary Yes
ECDSA p384 secondary ?
Testing PKCS#11 Yes Yes Yes Yes #14
Done RSA Yes Yes Yes #16
Done SHA-1 Yes
Done SHA-256 Yes Yes Yes
Done …

Side Channel Attacks

Side Channel attacks on hardware are hard to avoid, detect and mitigate. But this should not stop us from trying. The CrypTech platform should be developed with side channel issues in mind. This page tries to collect information about relevant side channel attacks, mitigation strategies, side channel resistant design methods …

Alpha Board Strategy

The Cryptech Alpha Board


Develop a first, custom HSM board that can be used to support a first set of applications as well as being used for further development of new functionality as well as security mechanisms such as tamper detection and protection, key storage etc. Deadline is to …

Cryptech Hardware

Generation 1

Various generic FPGA development boards.

Generation 2


Generation 3

An Alpha version of a CrypTech HSM, currently in early design


There is no real tamper wrapping and no tamper sensors. The tamper switch is used to simulate tamper detection to test the system's tamper reaction(s).

For …

dev-bridge board

In the process of developing the AlphaBoardComponents design, the project has made what is known as the "dev-bridge board".

This is a board, 100x70 mm, with about 2/3 of the components intended to be on the Alpha design. What is missing is basically the FPGA and it's supporting circuits …

Posted by Paul Selkirk on in misc. updated

DNSSEC signing using OpenDNSSEC and a Cryptech alpha board rev03

Before you start, you'll need

  • A Cryptech Alpha board, preferrably revision "rev03"
  • APT on the host system configured to find packages in the Cryptech repository, see BinaryPackages for instructions
apt-get install cryptech-alpha opendnssec opensc

Once you have the software package installed, you may need to upgrade your HSM's firmware.

Configure …

EDA Toolchain Survey

The major issue is finding tools that allows a designer, user to verify that the RTL source code (in Verilog or VHDL) matches what is generated at the physical level. As part of the project we need to investigate the current status of open tools in the toolchain for implementation …

Planning for SUNET funded Cryptech Work

The following documents the first two development steps in Cryptech funded by SUNET. The development is being done by Joachim Strömbergson from Secworks AB.

Step one (Deadline 2014-02-28)

  • Acquire a FPGA development platform.

DONE. We have a Terasic DE0 board and a Terasic Cyclone V GX starter kit board.

  • Create …

Praha Workshop SSH keys

The list of all known SSH keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZJUtfVH0KQfdGhVetTQRpg9Ki8xGKNnO07r6df9DrrmDrsHVSsDOv8zxMoNh4XHbaLtmSCT8IkB8xLU6dXVCH4vWZZwfzaKKRNgMOSfOSc6blKKBV6xEw9qXeMe4dWcfknl3yAr6EqYsg5Lrmqgalr8Vyd6FGAoGbLR4Qh7vrahMqXp3+20kn1xfDm5reSJDbNPmU4eNhJykTNtr6l6CbK/OFzhqcMI/AW5AO0wL8f5wIoHQzescZWQMDMW+1gVyDiS8lGS6nhsSZwZZeAJrXHK/LF3ldz1To5HBxzpU5Sziav8C5bgTeYo5YfqDuBq8m9mgZTzqocXFcXUCr0I6x dol@dolmacbook
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnskRpNxWJE/YgDR3o6sMWwwmbUJ8f2SJa0gHfHM+fcxxC2zQN9/9mqJSxS1E9QdeuRbbHpYxEUtHoX0vSrmia/VALDiQAMps51RBqq6YlrYqvP/Rb0hZ0Z4/YgjTosLdu1PeTzih6mwbyNNF0+gY987Ig31qXQytNF+9G1oSY9dgBAq52lu170QXTRwum4B6Gh4/pCnM6xx+7nY2oqlgvl2wYHVAOJ39W9r4y9kBhcVs51XvJqYehjaoyKYf1+PzA0FsvhJkZuG6ws5eEGSB90lAzKGyFZXedvOLmnFmqAraoLeuKajHIFJDfKNfHHbYpn8ERIfVW66nbqlXFO2g3
          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCo3wT4gGyEmGGw5ePMO+jscvq7lo4hIPQHVZNgrChVWphvD1MkkH6PfoUYNfKwagFjUPQcDotQxGaVfvxL6Y4WzOfwiONHTj/4b2skxdRw5B/K2ZnGw2pbfXP4Nhjb1gry2K+BSVWqP3pVZk5tQ+P0YqbwKNfBFlaqS1dR8uIwo6E/8wGIjcMcDMAioMyRlU2R …

Randomness Testing Tools

This page explains some basics on testing for randomness, and the background necessary to understand their outputs.

Basic Considerations

When testing the randomness of an alleged/assumed random bit/byte stream, there are two fundamentally different categories of tests: There are blackbox tests which are independent of the particular source …

Review feedback of the Alpha schematics

Power subsystem

Comment Who Resolution Status
The LTS3060ITS8 is a 8-lead device but the symbol shows only 6 (there are 3 GND leads). Kent ft to correct mapping of pins between symbol and package Done
The output capacitor C13 can have higher capacitance. The 2.2 uF is the lowest …

Rough Cut at v0.01 Proof of Concept Feature Set

This is a proposed version 0.01 product as a proof of concept. The intent is not to have a very useful product, but rather to gain confidence in our architecture, tools, and team. The result is intended to be the basis for further development into a more useful second …

Who We Are

This effort was started at the suggestion of Russ Housley, Stephen Farrell, and Jari Arkko of the IETF, to meet the assurance needs of supporting IETF protocols in an open and transparent manner.

But this is not an IETF, ISOC, ... project. As the saying goes, we work for the Internet …

Alpha Schematics

The Alpha schematics are almost finished!

PDF and Eagle files available for download here in the hardware repository.

The schematics are based on the dev-bridge board that we made in the summer of 2015, which is why it is called rev02 …

Documents, Meetings, etc.


  • At IETF88 an open lunch meeting was held with maybe 30-40 people. Minutes will be posted here shortly.
  • An invitation-only initial exploratory and team-building meeting will be hosted by SUNET in Stockholm in December. Invitations are in process. Dress in layers. Anything useful that comes out of the meeting …

HSM Requirements

Requirements for the Cryptech Alpha System. Derived from Use Cases (see below). There are also utility, internal requirements (again, see below).


Per key storage requirements

In addition to the actual key data, each key requires

  • Key type – 4 bytes
  • Key identifier – 4 bytes
  • Key flags, e.g. exportable – 8 …

Welcome to the Cryptech Project


Recent revelations have called into question the integrity of some of the implementations of basic cryptographic functions and devices used to secure communications on the Internet. There are serious questions about algorithms and about implementations of those algorithms in software and particularly hardware. The goal of the CrypTech project …