[MEN-3163] Hardware security for signing - Northern.tech AS

XML

Word

Printable

Details

Type: Epic
Status: Open
Priority: (None)
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Labels:
None

Epic Name:
Hardware security for signing
Epic Report:
https://tracker.mender.io/secure/RapidBoard.jspa?rapidView=10&projectKey=MEN&view=reporting&chart=epicBurndown&epic=MEN-3163
Epic Total Estimate:
21
DoD:

show more show less

Description

Security-sensitive environments rely on a "Hardware Security Module" or alternatively a TPM to store and use cryptographic keys so they can not easily be stolen by attackers.

HSM/TPM hardware can also be used in a CI/CD setting to store the key which is used to sign the Mender Artifacts.

User value (why)

Lower risk of compromising keys used by Mender
Integration with existing key management system used by other device application

Acceptance criteria

mender-artifact can use private key stored in hardware to generate signatures
Mender client can use a public key stored in hardware to verify signatures

Attachments

Activity

People

Assignee:: Peter Grzybowski

Reporter:: Mirza Krak

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Feb/20 10:08 AM

Updated:: 16/Dec/20 2:23 PM