HSM
Table of Contents
- 1. Hardware Security Token
- 1.1. TODO Questions [0/2]
- 1.2. Use Cases
- 1.3. Standards
- 1.4. Vendors/Features
- 1.5. Setup
- 1.5.1. TODO SoloKey solo1 information
- 1.5.2. TODO Using SoloKey for Linux Login - SCHULZ:DK
- 1.5.3. TODO LUKS with SoloKey: https://github.com/saravanan30erd/solokey-full-disk-encryption
- 1.5.4. TODO Web U2F
1. Hardware Security Token
1.1. TODO Questions [0/2]
1.1.1. TODO Difference TPM and HSM?
1.1.2. TODO Quick overview symmetric/asymmetric Crypto
1.2. Use Cases
1.2.1. TODO Authentication at Web Services
banking, email, CMS, (developer) platforms, hosting provider, etc
1.2.2. TODO Unlock LUKS
1.2.3. TODO Unlock KeePass
- for limitations see FAQ: https://keepassxc.org/docs/#faq-yubikey-howto
- TL;DR: KeePass uses static password, which is not supported by SoloKeys
1.2.4. TODO Unlock SSH keys/agent
1.2.5. TODO Unlock Desktop
1.3. Standards
W3C and FIDO2 Project - Wikipedia
- WebAuthn
- WebAuthn - Wikipedia
- web standard (by W3C) to standardize public-key crypto authentication for web-applications
- on the client side, the crypto operations are performed on a TPM or off-loaded to a roaming hardware authenticator via CTAP1
- backwards compatible with U2F
- CTAP
- Client to Authenticator Protocol - Wikipedia
- How FIDO Works - Standard Public Key Cryptography & User Privacy
- previous Technologies/Standard
1.4. Vendors/Features
Overview of available dongles: USB Dongle Authentication (info on the site is probably not neutral, beware of the Sponsor)
List of available services: https://2fa.directory/
1.4.1. SoloKey
- https://solokeys.com/collections/all
- supports U2F
- https://hackmd.io/@solokeys/solo2-getting-started
- https://github.com/solokeys/solo2 (coming 2023?)
- https://github.com/solokeys/solo1 (Somu uses this as well)
1.4.2. Yubico Yubikey
1.4.3. NitroKey
1.4.4. OnlyKey
1.5. Setup
1.5.1. TODO SoloKey solo1 information
[ +15.518095] usb 3-1: new full-speed USB device number 6 using xhci_hcd
[ +0.149830] usb 3-1: New USB device found, idVendor=0483, idProduct=a2ca, bcdDevice= 1.00
[ +0.000014] usb 3-1: New USB device strings: Mfr=?, Product=?, SerialNumber=?
[ +0.000006] usb 3-1: Product: Solo ?.?.?
[ +0.000004] usb 3-1: Manufacturer: SoloKeys
[ +0.000004] usb 3-1: SerialNumber:
[ +0.001951] hid-generic : hiddev0,hidraw0: USB HID v1.11 Device [SoloKeys Solo ?.?.?] on usb-0000:00:14.0-1/input0
1.5.2. TODO Using SoloKey for Linux Login - SCHULZ:DK
1.5.3. TODO LUKS with SoloKey: https://github.com/saravanan30erd/solokey-full-disk-encryption
- setup challenge-response with solo1: https://github.com/solokeys/solo1-cli/blob/main/README.md#challenge-response
1.5.4. TODO Web U2F
Created: 2023-01-29 Sun 22:13
Created: 2023-04-19 Wed 13:47