View Issue Details

ID: 0006175
Project: Taler
Category: exchange
View Status: public
Last Update: 2020-11-22 22:33
Reporter: Christian Grothoff
Assigned To: Christian Grothoff
Priority: normal
Severity: feature
Reproducibility: N/A
Status: assigned
Resolution: open
Platform: i7
OS: Debian GNU/Linux
OS Version: squeeze
Product Version: git (master)
Target Version: 0.9
Summary: 0006175: implement privilege separation for access to online signing keys
Description:
We should not allow the main exchange HTTP process direct access to the exchange's signing keys (RSA or EdDSA). Instead, those keys should be kept internal to another process running under a different UID. The HTTPD should then use IPC (a per-thread UNIX DGRAM connection is preferred right now) to send signing requests to the helper process. The helper process setup must ensure that the UNIX socket is ONLY accessible to the HTTPD.

This will prevent the private keys from being fully disclosed to an adversary if they were able to gain RCE in the HTTPD process. Naturally, they can still use the helper as a signing oracle, but the damage will still be a bit more limited.

Also, this should facilitate transitioning to an HSM in the future.
Tags: No tags attached.
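
Added example, not part of the issue and not Taler's code: one way a helper on Linux could set up its UNIX datagram socket so that only its own UID and one client group can send to it, plus a startup self-check. The function names and `client_gid` (assumed to be a group whose only member is the HTTPD user) are hypothetical.

```c
#define _DEFAULT_SOURCE 1
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind a UNIX datagram socket at `path` that only the helper's own UID and
 * members of `client_gid` can send to. `client_gid` is an assumption of this
 * example: a group whose only member is the HTTPD user.
 * Returns the socket fd, or -1 on error. */
int helper_bind_private(const char *path, gid_t client_gid)
{
  struct sockaddr_un addr;
  if (strlen(path) >= sizeof(addr.sun_path))
    return -1;
  memset(&addr, 0, sizeof(addr));
  addr.sun_family = AF_UNIX;
  strcpy(addr.sun_path, path);

  int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
  if (fd < 0)
    return -1;
  unlink(path);                 /* remove a stale socket from an earlier run */
  mode_t old = umask(0077);     /* socket is created 0700: never world-accessible */
  int rc = bind(fd, (struct sockaddr *) &addr, sizeof(addr));
  umask(old);
  /* Linux requires write permission on the socket file to send to it, so
   * owner+group rw and nothing for "other" limits senders to helper and HTTPD. */
  if (rc != 0 || chown(path, (uid_t) -1, client_gid) != 0
      || chmod(path, 0660) != 0) {
    close(fd);
    unlink(path);
    return -1;
  }
  return fd;
}

/* Startup self-check: 1 if `path` is a socket owned by group `client_gid`
 * with no permission bits for "other", 0 otherwise. The containing directory
 * must also be unwritable by other users, or the socket could be replaced. */
int socket_is_private(const char *path, gid_t client_gid)
{
  struct stat st;
  if (lstat(path, &st) != 0 || !S_ISSOCK(st.st_mode))
    return 0;
  return (st.st_mode & S_IRWXO) == 0 && st.st_gid == client_gid;
}
```

Changing the group to one the helper does not belong to requires root, so a deployment would do this step before dropping privileges.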

Activities

Christian Grothoff

2020-11-22 22:33

manager   ~0017149

https://git.taler.net/exchange.git/tree/src/util/taler-helper-crypto-rsa.c is the new process for the privilege separation of the RSA keys, with
crypto_helper_denom.c being the library to access the new signing service. Feedback welcome.

Issue History

Date Modified Username Field Change
2020-04-11 22:07 Christian Grothoff New Issue
2020-04-11 22:07 Christian Grothoff Status new => assigned
2020-04-11 22:07 Christian Grothoff Assigned To => Christian Grothoff
2020-04-11 22:09 Christian Grothoff Assigned To Christian Grothoff =>
2020-04-11 22:09 Christian Grothoff Status assigned => confirmed
2020-04-13 02:40 Christian Grothoff Target Version => 0.9
2020-07-16 15:19 Christian Grothoff Assigned To => Christian Grothoff
2020-07-16 15:19 Christian Grothoff Status confirmed => assigned
2020-11-22 22:33 Christian Grothoff Note Added: 0017149