Showing only posts by Rob Austein. Show all posts.

Secure Channel

This is a sketch of a design for the secure channel that we want to have between the Cryptech HSM and the client libraries which talk to it. Work in progress, and not implemented yet because a few of the pieces are still missing.

Design goals and constraints

Basic design …

Release Notes

3.0, May 2017

  • New keystore implementation. Basically a very small flash filesystem, including basic wear leveling. Maximum number of keys varies depending on key size and how many options are attached, but for any reasonable use it should hold on the order of 2,000 keys at least.
  • In-memory …

Building Cryptech Software/Firmware/Bitstream From Source

Everything you need to build our software, firmware, and FPGA bitstreams from source yourself is publicly available, but the process is a bit complicated. Overall, there are two methods, one of which our developers use while writing this stuff, the other of which we use for the automated reproducible builds …

Upgrading Cryptech Alpha HSM to "ksng" development package

This page attempts to explain the upgrade procedure for testing out the new "ksng" development branch of the Cryptech Alpha firmware.


This particular upgrade is more complicated than we would have preferred, due to the interaction of two unrelated factors:

  1. As the name (obscurely) implies, the main feature in …

Binary Packages for Cryptech Software and Firmware

The Cryptech Project maintains APT and Homebrew repositories containing packaged software for the Cryptech Alpha board for Debian and Ubuntu Linux and for Mac OS X. The binary packages also include pre-compiled images for the Alpha Board's Artix-7 FPGA, Cortex M4 ARM CPU, and AVR ATtiny828 MCU.

How to get …

DNSSEC signing using OpenDNSSEC and a Cryptech alpha board rev03

Before you start, you'll need

  • A Cryptech Alpha board, preferrably revision "rev03"
  • APT on the host system configured to find packages in the Cryptech repository, see BinaryPackages for instructions
apt-get install cryptech-alpha opendnssec opensc

Once you have the software package installed, you may need to upgrade your HSM's firmware.

Configure …