Showing only posts by Cryptech Core Team. Show all posts.

Upgrading the Cryptech Alpha HSM

This page explains how to upgrade the Cryptech Alpha firmware, bootloader, and FPGA bitstream (as needed).

All of the operations here use the Alpha's "management" (MGMT) port, so that cable must be connected to your Linux or OSX host machine.

Upgrading from the stock firmware (Berlin workshop or CrowdSupply)

The …

An Open Crypto Chip

The Layer Cake Architecture Picture


Use Cases

  • RPKI/DNSSEC Signing
  • Transport VPNs
  • Routers and TCP/AO
  • Email
  • Federations, Identity Systems, SSO etc
  • Password Stretching & HMAC:ing
  • PGP and SSH Keys on a Stick
  • High Quality Entropy Randomness
  • A Communications Terminal Doing One Thing Well, Like Jabber w/o X11
  • HSM …

Comparison of On-Chip Bus Standards


This document contains a brief summary of different on-chip bus standards. The standards are described and compared based on license and availability, technical specifications and general usage.

The purpose of the document is to provide a basis for selecting the primary bus standard for the Cryptech Open HSM project …

CrypTech Workshop, Praha, 18 July 2015


  • Hilton Hotel, the IETF venue
  • Amsterdam Room (this is a change)
  • 09:00 - 17:00


  • The CrypTech Team
  • Others Who Have Contributed
  • Other Folk at the Meeting

Workshop Goals

  • Get an understanding of the project status and roadmap
  • Discus your requirements and expectations with the team
  • Get hands-on …


DNSSEC Requirements


  • Should we even support SHA-1?
  • GOST?

Must implement

Target DNSSEC Algorithms:

  • RSA/SHA-256 (RFC 5702)
  • RSA/SHA-512 (RFC 5702)


  • Hash: SHA-256
  • Hash: SHA-512
  • Sign: RSA

Required PKCS11 Mechs:

  • CKM_RSA_PKCS (possible cross-check hash with CKM_SHA256 and CKM_SHA512 before signing)
  • CKM_SHA256
  • CKM_SHA512

Should implement

Target …

page 1 | older articles »