Thirdly, and most mundanely, sometimes you just need the same key on multiple hosts. That means we need a key distribution system! But key distribution systems make for very rich targets. That's not something to do lightly.
The best answer here is to use a secure Key Management Service. We have https://aws.amazon.com/kms/ . KMS uses envelope encryption and supports bootstrapped mechanisms such as instance role accounts to get around all of this.
With envelope encryption, there's a hierarchy of keys that encrypt other keys, ultimately protected by a hardware root of trust, which means that KMS can distribute keys without ever having plaintext access to the keys themselves. Very cool. O.k. but ...
VPC Encryption and our Lever Link Encryption project sit at the very bottom of the AWS networking stacks. And KMS runs on top of this! We'd have a circular dependency if we "just" used KMS, so how do we achieve the same security properties?
We distribute multiple "pre-secrets". One is distributed in a dedicated key distribution system. The other is distributed using existing configuration distribution systems. These "pre-secrets" are then mixed, using the HKDF key derivation function to make the actual key.
This is incredibly simple; but it has the effect that if the pre-secrets in the key distribution systems become known somehow, that's not fatal to the system security, it doesn't disclose the actual keys we use.
This technique works trivially for symmetric keys, but can also be used with a deterministic key generation algorithm to generate the same asymmetric keys on multiple hosts, without central knowledge.
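The mixing step described in the thread, as an added example that is not part of the thread and not AWS's own code: a stdlib-only RFC 5869 HKDF (SHA-256) combines two constructed pre-secrets, so knowing either one alone yields nothing about the derived key, and a second HKDF label derives an independent seed of the kind a deterministic asymmetric key generator would consume. The length-prefixed input framing, the salt string and the label names are assumptions of this example.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-SHA256(salt, IKM); an empty salt means HashLen zeros."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-SHA256(PRK, T(i-1) | info | i), concatenated."""
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)

def mix_pre_secrets(pre_secret_a: bytes, pre_secret_b: bytes, label: bytes, length: int = 32) -> bytes:
    """Derive a real key from two pre-secrets that arrived over independent channels.
    Each input is length-prefixed so the IKM encoding is unambiguous (an assumed framing;
    the thread does not specify one). The label (HKDF info) separates the different keys
    derived from the same pair, so the link key and a signing seed never coincide."""
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in (pre_secret_a, pre_secret_b))
    return hkdf(b"pre-secret-mix-v1", ikm, label, length)

def derive_host_keys(pre_secret_a: bytes, pre_secret_b: bytes) -> dict:
    """Every host holding both pre-secrets computes identical material with no central party.
    The 32-byte seed is what a deterministic key generator (an Ed25519 seed, for instance)
    would turn into the same asymmetric key pair on each host."""
    return {
        "link_key": mix_pre_secrets(pre_secret_a, pre_secret_b, b"link-encryption-key"),
        "signing_seed": mix_pre_secrets(pre_secret_a, pre_secret_b, b"asymmetric-key-seed"),
    }

# Constructed sample pre-secrets standing in for the two distribution channels.
PRE_SECRET_KEY_DIST = bytes.fromhex("8f3a2c11d4e6b7a09c5d1e2f3a4b5c6d")  # from the dedicated KDS
PRE_SECRET_CONFIG = bytes.fromhex("017e9b4c3d2a1f0e5d6c7b8a99aabbcc")    # from config distribution

if __name__ == "__main__":
    keys = derive_host_keys(PRE_SECRET_KEY_DIST, PRE_SECRET_CONFIG)
    # A party that learned only the KDS pre-secret derives something unrelated.
    leaked_only = derive_host_keys(PRE_SECRET_KEY_DIST, b"")
    print("link key:", keys["link_key"].hex())
    print("one pre-secret alone matches:", leaked_only["link_key"] == keys["link_key"])
```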
Boring, simple patterns are reassuring in cryptography and I really love this one, because for very little cost, it gives a very meaningful security property. It really surprises me that it isn't a more common pattern.
O.k. when I wrote "only export the private key" I *cough* meant "only export the PUBLIC key"! /end-of-thread
Replying to @colmmacc
Lever sounds amazing, although all I've seen is a block diagram and the link-end implementation. Is there a public blog somewhere that I can refer people to?
I'm writing a blog post - anything you'd really like to see in it?