Enablement of Crypto hardware

Hardware-based cryptography is becoming more widespread. A prominent example is the TPM present in modern laptops; HW tokens (e.g. YubiKeys) that support GPG/SSH are also popular.

The idea of the proposal is to integrate support for these kinds of hardware into GNOME so that even non-expert users can set them up and use them easily.

Some specific examples:

  • Use a TPM/crypto token (like a YubiKey) for GPG and SSH keys
  • Store the master key for gnome-keyring in the TPM (see StoringSecrets)

    • Additionally use something like clevis to also require the password (or the presence of a HW token)

The project consists of the following parts:

  • Backend: gnome-keyring and other bits of infrastructure will need to be adapted to work with crypto HW.
  • Frontend: User interfaces need to be created to make it easy to use the crypto HW, e.g. SSH/GPG key generation, importing existing keys.

* PKCS#11 Module for TPM 2.0

Internships/2018/Projects/CryptoHardware (last edited 2018-05-09 08:48:25 by BastienNocera)