View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006175 | Taler | exchange | public | 2020-04-11 22:07 | 2021-08-24 16:23 |
Field | Value | Field | Value | Field | Value |
---|---|---|---|---|---|
Reporter | Christian Grothoff | Assigned To | Christian Grothoff | | |
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | fixed | | |
Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
Product Version | git (master) | | | | |
Target Version | 0.8 | Fixed in Version | 0.8 | | |

Summary: 0006175: implement privilege separation for access to online signing keys

Description: We should not allow the main exchange HTTP process direct access to the exchange's signing keys (RSA or EdDSA). Instead, those keys should be kept internal to another process running under a different UID. The HTTPD should then use IPC (a per-thread UNIX DGRAM connection is preferred right now) to send signing requests to the helper process. The helper process setup must ensure that the UNIX socket is ONLY accessible to the HTTPD. This will prevent the private keys from being fully disclosed to an adversary if they were able to gain RCE in the HTTPD process. Naturally, they can still use the helper as a signing oracle, but the damage will still be a bit more limited. Also, this should facilitate transitioning to an HSM in the future.

Tags: No tags attached.
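The process split the description proposes, as an added example that is not Taler's code (the exchange itself is written in C; Python is used here so the whole exchange fits in one runnable file). Everything below is an assumption made for the example: a keyed HMAC-SHA256 stands in for the RSA/EdDSA signing operation, the 4-byte message-type framing is invented, `DEMO_KEY` is a constructed constant so the result can be checked (a deployment would have the helper load the key from a file the HTTPD's UID cannot read), and all function and class names are this example's own. The helper runs as a forked child, binds a datagram socket in a 0700 directory with `umask 077`, and answers signing requests; the HTTPD-side client binds one socket per thread, verifies the helper socket's ownership and mode before use, and only ever receives signatures, never the key.

```python
"""Privilege-separated signing helper over a UNIX datagram socket (added example,
not Taler's code). HMAC-SHA256 stands in for RSA/EdDSA signing; framing, names and
DEMO_KEY are assumptions made for this example."""
import hashlib
import hmac
import os
import shutil
import socket
import stat
import struct
import tempfile
import threading
import time

MSG_SIGN_REQUEST, MSG_SIGN_RESPONSE, MSG_SHUTDOWN = 1, 2, 3
HEADER = struct.Struct("!I")           # assumed framing: 4-byte big-endian message type
# Constructed key so the example is verifiable; a deployment would have the helper
# read it from a file that the HTTPD's UID cannot open.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def helper_serve(sock_path, secret_key):
    """Helper process body: owns the key, answers signing requests, and never
    sends the key itself over the socket."""
    os.umask(0o077)                    # socket file gets no group/other permission bits
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    srv.bind(sock_path)
    while True:
        data, sender = srv.recvfrom(65536)
        if not sender or len(data) < HEADER.size:
            continue                   # anonymous (unbound) sender or malformed: drop
        (mtype,) = HEADER.unpack_from(data)
        if mtype == MSG_SHUTDOWN:
            break
        if mtype != MSG_SIGN_REQUEST:
            continue
        sig = hmac.new(secret_key, data[HEADER.size:], hashlib.sha256).digest()
        try:
            srv.sendto(HEADER.pack(MSG_SIGN_RESPONSE) + sig, sender)
        except OSError:
            pass                       # requesting thread went away; nothing to do
    srv.close()


def verify_signature(message, sig, secret_key):
    """Check a signature; in this HMAC stand-in the verifier needs the key, so this
    belongs on the helper/audit side, not in the HTTPD."""
    return hmac.compare_digest(hmac.new(secret_key, message, hashlib.sha256).digest(), sig)


def socket_is_private(path):
    """HTTPD-side check before trusting the helper socket: it must be a socket,
    owned by our UID, with no group/other permission bits."""
    st = os.stat(path)
    return stat.S_ISSOCK(st.st_mode) and st.st_uid == os.getuid() and (st.st_mode & 0o077) == 0


class SigningClient:
    """HTTPD-side stub: one bound datagram socket per thread, so a reply can only
    be delivered to the thread that sent the request."""

    def __init__(self, helper_path, sock_dir):
        self.helper_path, self.sock_dir = helper_path, sock_dir
        self._local = threading.local()

    def _sock(self):
        s = getattr(self._local, "sock", None)
        if s is None:
            s = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
            s.bind(os.path.join(self.sock_dir, "c-%d-%x" % (os.getpid(), threading.get_ident())))
            s.settimeout(5.0)
            self._local.sock = s
        return s

    def sign(self, message):
        s = self._sock()
        s.sendto(HEADER.pack(MSG_SIGN_REQUEST) + message, self.helper_path)
        data, _ = s.recvfrom(65536)
        (mtype,) = HEADER.unpack_from(data)
        if mtype != MSG_SIGN_RESPONSE:
            raise RuntimeError("unexpected reply type %d from signing helper" % mtype)
        return data[HEADER.size:]

    def shutdown(self):
        self._sock().sendto(HEADER.pack(MSG_SHUTDOWN), self.helper_path)


def run_demo(message=b"constructed: withdraw-request-blob"):
    """Fork the helper, sign one message from the 'HTTPD' side, and return
    (signature, helper_socket_was_private)."""
    sock_dir = tempfile.mkdtemp(prefix="sig-")   # mkdtemp creates the directory mode 0700
    helper_path = os.path.join(sock_dir, "helper")
    pid = os.fork()
    if pid == 0:                                 # child: the signing helper
        try:
            helper_serve(helper_path, DEMO_KEY)
        finally:
            os._exit(0)
    deadline = time.monotonic() + 5.0
    while not os.path.exists(helper_path):       # wait for the helper to bind
        if time.monotonic() > deadline:
            raise RuntimeError("signing helper did not come up")
        time.sleep(0.01)
    private = socket_is_private(helper_path)
    client = SigningClient(helper_path, sock_dir)
    try:
        sig = client.sign(message)
    finally:
        client.shutdown()
        os.waitpid(pid, 0)
        shutil.rmtree(sock_dir, ignore_errors=True)
    return sig, private


if __name__ == "__main__":
    signature, private = run_demo()
    print("helper socket private:", private, "signature:", signature.hex())
```

The demo shares one UID between parent and child; a deployment runs the helper under its own UID and makes the socket reachable by the HTTPD alone, which is what the `socket_is_private` check is meant to confirm from the HTTPD side. As the description notes, a compromised HTTPD can still call `sign()` at will, so the helper bounds key disclosure, not signing-oracle abuse.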
Notes

(0017149) Christian Grothoff, 2020-11-22 22:33
https://git.taler.net/exchange.git/tree/src/util/taler-helper-crypto-rsa.c is the new process for the privilege separation of the RSA keys, with crypto_helper_denom.c being the library to access the new signing service. Feedback welcome.

(0017198) Christian Grothoff, 2020-12-14 15:44
Implemented in 8bed4152..b5d88fc2. Note that the 'old' key management logic was NOT removed with this patch. This, and more documentation, is still needed before this bug is finished.

(0017217) Christian Grothoff, 2020-12-19 15:16
Should be complete.

Issue History
Date Modified | Username | Field | Change |
---|---|---|---|
2020-04-11 22:07 | Christian Grothoff | New Issue | |
2020-04-11 22:07 | Christian Grothoff | Status | new => assigned |
2020-04-11 22:07 | Christian Grothoff | Assigned To | => Christian Grothoff |
2020-04-11 22:09 | Christian Grothoff | Assigned To | Christian Grothoff => |
2020-04-11 22:09 | Christian Grothoff | Status | assigned => confirmed |
2020-04-13 02:40 | Christian Grothoff | Target Version | => 0.9 |
2020-07-16 15:19 | Christian Grothoff | Assigned To | => Christian Grothoff |
2020-07-16 15:19 | Christian Grothoff | Status | confirmed => assigned |
2020-11-22 22:33 | Christian Grothoff | Note Added: 0017149 | |
2020-12-14 15:44 | Christian Grothoff | Note Added: 0017198 | |
2020-12-19 15:16 | Christian Grothoff | Status | assigned => resolved |
2020-12-19 15:16 | Christian Grothoff | Resolution | open => fixed |
2020-12-19 15:16 | Christian Grothoff | Fixed in Version | => 0.9 |
2020-12-19 15:16 | Christian Grothoff | Note Added: 0017217 | |
2021-07-30 13:57 | Christian Grothoff | Fixed in Version | 0.9 => 0.8.1 |
2021-07-30 13:59 | Christian Grothoff | Target Version | 0.9 => 0.8.1 |
2021-07-30 14:02 | Christian Grothoff | Fixed in Version | 0.8.1 => 0.8 |
2021-07-30 14:02 | Christian Grothoff | Target Version | 0.8.1 => 0.8 |
2021-08-24 16:23 | Christian Grothoff | Status | resolved => closed |