Showing only posts by Cryptech Core Team. Show all posts.

Upgrading the Cryptech Alpha HSM

This page explains how to upgrade the Cryptech Alpha firmware, bootloader, and FPGA bitstream (as needed).

All of the operations here use the Alpha's "management" (MGMT) port, so that cable must be connected to your Linux or OSX host machine.

Upgrading from the stock firmware (Berlin workshop or CrowdSupply)

The …

An Open Crypto Chip

The Layer Cake Architecture Picture


layer-cake.jpg



Use Cases

  • RPKI/DNSSEC Signing
  • Transport VPNs
  • Routers and TCP/AO
  • Email
  • Federations, Identity Systems, SSO etc
  • Password Stretching & HMAC:ing
  • PGP and SSH Keys on a Stick
  • High Quality Entropy Randomness
  • A Communications Terminal Doing One Thing Well, Like Jabber w/o X11
  • HSM …

Comparison of On-Chip Bus Standards

Introduction

This document contains a brief summary of different on-chip bus standards. The standards are described and compared based on license and availability, technical specifications and general usage.

The purpose of the document is to provide a basis for selecting the primary bus standard for the Cryptech Open HSM project …

CrypTech Workshop, Praha, 18 July 2015

Logistics

  • Hilton Hotel, the IETF venue
  • Amsterdam Room (this is a change)
  • 09:00 - 17:00

Introductions

  • The CrypTech Team
  • Others Who Have Contributed
  • Other Folk at the Meeting

Workshop Goals

  • Get an understanding of the project status and roadmap
  • Discus your requirements and expectations with the team
  • Get hands-on …

DNSSEC/Requirements

DNSSEC Requirements

Questions

  • Should we even support SHA-1?
  • GOST?

Must implement

Target DNSSEC Algorithms:

  • RSA/SHA-256 (RFC 5702)
  • RSA/SHA-512 (RFC 5702)

Algorithms:

  • Hash: SHA-256
  • Hash: SHA-512
  • Sign: RSA

Required PKCS11 Mechs:

  • CKM_RSA_PKCS_KEY_PAIR_GEN
  • CKM_SHA256_RSA_PKCS
  • CKM_SHA512_RSA_PKCS
  • CKM_RSA_PKCS (possible …
page 1 | older articles »