= Intro =

Collection of technical notes for support of the [[Roots/NewRootsTaskForce]] and the [[Roots/CreationCeremony]].  Also see the [[SecurityManual]].

== Creating the Key with OpenSSL ==

Use these:

||openssl x509, openssl ca, openssl genrsa||

For research....

== Random Feed ==

 * openssl [[takes http://www.openssl.org/support/faq.html#USER1|random number seed check]]: openssl provides a mechanism to look for EGD daemon socket eg /dev/entropy or from environment RANDFILE variable setting for file with random number. Use -rand option of openssl for random number seed (fifo) socket on private key generation.

=== Sources of RNGs (daemons) for mixing ===

 * [[http://www.irisa.fr/caps/projects/hipsor/|HAVEGE]] needs linux => takes randomness from internal states of the CPU which are more or less random as there are frequent system context switches
 * /dev/random, which can be seeded via super user access and /dev/[us]random.
 * [[http://www.av8n.com/turbid/|turbid]] which provides mechanism for obtaining entropy via alsa audio Linux drivers (academic report). Must be calibrated. Turbid can seed OpenSSL via FIO or /dev/random. Use standard Turbid code. The  [[http://www.av8n.com/turbid/paper/turbid.htm|paper]] describes the theoretical backgrounds and how to.
 * ccd noise method.
   * One suggestion is photos of white or grey backgounds
   * another is here:  [[http://www.lavarnd.org/|LavaRnd]]
   * then hash the frames

=== Methods of mixing the RNs ===

 * feed all sources all into /dev/random.  Problems:
   * how do we know it is working?  Use verbalized mode of program to show this is working.  ''What is that?''
   * can do these to check functionality:
{{{
cd /proc/sys/kernel/random/
cat uuid            # fetches random from the pool...
cat entropy_avail   # reveals how much is in the pool
}}}
 * XOR all the different sources together.  Problems:
   * need to read the code.  E.g., [[attachment:mix.c]] .
   * ''(Previous version was buggy and did logical OR instead of XOR; I just replaced it. –[[NicoR]])''
   * Check the XOR method.
   * ''Thanks NicoR.  You did read it.  But, how are we going to know that others are reading the source code??? - [[Iang]]''
 * encrypt one feed with the key in the other feed.  Problems:
   * need to read the code, and
   * need to chain it for more then 2 feeds.
 * concatenate all sources and SHA2 them
   * it was pointed out on [[http://www.metzdowd.com/pipermail/cryptography/2015-December/027687.html|crypto]] that a better way would be to append all the different sources and hash the result, as XOR can be attacked if the other inputs can be seen
 * concatenate by mixing on byte level

=== Tooling ===

==== OpenSSL ====

|| ''Which''|| ''version'' || ''md5'' || ''sha1'' ||
|| '''current best''' || OpenSSL=openssl-0.9.8i || OpenSSL_MD5="561e00f18821c74b2b86c8c7786f9d8b" || OpenSSL_SHA1="b2e029cfb68bf32eae997d60317a40945db5a65f"||
||''comments:''|||||| current best should have all the best patches in it ||
|| '''FIPS validated''' || OpenSSL=openssl-fips-1.1.2  || OpenSSL_MD5="[[ftp://ftp.openssl.org/source/openssl-fips-1.1.2.tar.gz.md5|8d618698947a48e93c57e5808d663669]]" || OpenSSL_SHA1="[[ftp://ftp.openssl.org/source/openssl-fips-1.1.2.tar.gz.sha1|e2f210a41469e73d8b2c2793d8925fbbac243fe2]]" ||
|| ''comments:'' |||||| FIPS 1.1.2 fixes [[http://marc.info/?l=openssl-announce&m=119634721528429&w=2|PRNG bug]] that was in the 1.1.1 validated version. ||
|| ''policy:'' |||||| FIPS 1.1.2 is to be read and used with [[http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp918.pdf|OpenSSL FIPS 140-2 Security Policy]] Version 1.1.2 ||

 * [[http://www.openssl.org/source/|http://www.openssl.org/source/]] to download all versions (use FTP links to see hashes)
 * ${WGET} -v -O ${OpenSSL}.tar.gz http://www.openssl.org/source/${OpenSSL}.tar.gz
 * ${WGET} -v -O ${OpenSSL}.tar.gz.md5 http://www.openssl.org/source/${OpenSSL}.tar.gz.md5

==== OpenPGP ====

 * GNUPG [[http://www.gnupg.org/download/integrity_check.en.html|Integredity checking]]:
   * GNUPG=gnupg-1.4.9 GNUPG_SHA1="826f4bef1effce61c3799c8f7d3cc8313b340b55" GNU_MD5="cc52393087480ac8d245625004a6a30c"
   * GNUPG2=gnupg-2.0.9 GNUPG2_SHA1="959bdb934e3a72d256bfbd0122d996a73adb5d1f"
 * ${WGET} -v -O ${GNUPG}.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/${GNUPG}.tar.bz2
 * ${WGET} -v -O ${GNUPG2}.tar.bz2  ftp://ftp.gnupg.org/gcrypt/gnupg/${GNUPG2}.tar.bz2
 * echo "$GNUPG_MD5  ${GNUPG}.tar.bz2" >${GNUPG}.tar.bz2.md5

==== Random Numbers ====
 * Turbid software with hardware tooling (audio cabling, Voltmeter) to generate seed with reported entropy (see study Turbid).
   * turbid_MD5="b5170bccaf06ec905a75042cc95ce965"
   * ${WGET} -v -O turbid.tgz http://www.av8n.com/turbid/turbid.tgz
   * turbid makes use of alsa audio drivers and sound card:
    . soundcard to be used: Creative SB PC128 CT4700, in full duplex mode
    . Turbid QA box, stereo audio cabling, Fluke 10 multimeter for saturation calibration
    . ENS1370 Soundcard specific turbid settings: 208mV saturation, Q=1.17e-05, Rin=25719 (card input impedance, Kout=1.47961, Bandwidth 4556, Vin/Vmeter 0.9996 (should be very close to 1).
    . There is a script available for redoing soundcard calibration on sound cards (estimated cal. time: 3 hours)
 * webcam for cheap & cheerful piccy_rng
   * frame grabber bearshand_Ver.0.7.4.0e.zip BEARSHAND_MD5="ca0b974adbc496d96a7981c9697d8572"
   * http://moments-studio.com/en/BearsHand/
 * /dev/random
   * must not use /dev/urandom
   * ''on Linux only, not on *BSD''.  On *BSD, /dev/random is synonymous with /dev/urandom .  It is broken for entropy collection

==== Misc about /dev/random ====


Data we could put into /dev/random has to be put more or less slowly

So we could have a script taking bytes from several files, let's say 10 byte from each file at a time, to feed some randomness into the pool

so we can have files with some KB of random stuff from
- a camera
- turbid (with will be fed automatically)
- a laptop
- some havege data

The thing is to put the data as slowly as possible not to fill up the pool and loose the random data.

more on /dev/random in [[OpenSSLHowTo]]

We can look at /proc/sys/kernel/random/entropy_avail to see if data is feed by turbid or random sources files into the /dev/random pool

==== Hardware ====

 * Stand alone Linux machine with standard CD live to generate private keys
 * usb sticks for archiving passwords and keys
 * video recorder for recording process.

=== Script ===


----
 . CategoryAudit
 . CategoryNewRootsTaskForce