  1. Mender
  2. MEN-3163

Hardware security for signing

    Details

    • Type: Epic
    • Status: Open
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      Security-sensitive environments rely on a Hardware Security Module (HSM) or, alternatively, a TPM to store and use cryptographic keys so that they cannot easily be stolen by attackers.

      HSM/TPM hardware can also be used in a CI/CD setting to store the key that is used to sign Mender Artifacts.

      User value (why)

      • Lower risk of compromising keys used by Mender
      • Integration with the existing key management system used by other device applications

      Acceptance criteria

      • mender-artifact can use a private key stored in hardware to generate signatures
      • Mender client can use a public key stored in hardware to verify signatures

            People

            Assignee:
            merlin Peter Grzybowski
            Reporter:
            mirzak Mirza Krak