= Intro =
Collection of technical notes for support of the [[Roots/NewRootsTaskForce]] and the [[Roots/CreationCeremony]]. Also see the [[SecurityManual]].

== Creating the Key with OpenSSL ==
Use these: ||openssl x509, openssl ca, openssl genrsa||

For research....

== Random Feed ==
 * openssl takes a [[http://www.openssl.org/support/faq.html#USER1|random number seed check]]: openssl looks for an EGD daemon socket (e.g. /dev/entropy) or for a seed file named by the RANDFILE environment variable. Use the -rand option of openssl to name the random number seed file or (fifo) socket when generating the private key.

=== Sources of RNGs (daemons) for mixing ===
 * [[http://www.irisa.fr/caps/projects/hipsor/|HAVEGE]] needs Linux => takes randomness from internal states of the CPU, which are more or less random as there are frequent system context switches
 * /dev/random, which can be seeded via super user access, and /dev/[us]random.
 * [[http://www.av8n.com/turbid/|turbid]], which provides a mechanism for obtaining entropy via the ALSA audio Linux drivers (academic report). Must be calibrated. Turbid can seed OpenSSL via a FIFO or /dev/random. Use standard Turbid code. The [[http://www.av8n.com/turbid/paper/turbid.htm|paper]] describes the theoretical background and how to do it.
 * CCD noise method.
  * One suggestion is photos of white or grey backgrounds
  * another is here: [[http://www.lavarnd.org/|LavaRnd]]
  * then hash the frames

=== Methods of mixing the RNs ===
 * feed all sources into /dev/random. Problems:
  * how do we know it is working? Use the verbose mode of the program to show this is working. ''What is that?''
  * can do these to check functionality:
{{{
cd /proc/sys/kernel/random/
cat uuid            # fetches random from the pool...
cat entropy_avail   # reveals how much is in the pool
}}}
 * XOR all the different sources together. Problems:
  * need to read the code. E.g., [[attachment:mix.c]].
  * ''(Previous version was buggy and did logical OR instead of XOR; I just replaced it. –[[NicoR]])''
  * Check the XOR method.
  * ''Thanks NicoR. You did read it. But, how are we going to know that others are reading the source code??? - [[Iang]]''
 * encrypt one feed with the key in the other feed. Problems:
  * need to read the code, and
  * need to chain it for more than 2 feeds.
 * concatenate all sources and SHA2 them
  * it was pointed out on [[http://www.metzdowd.com/pipermail/cryptography/2015-December/027687.html|crypto]] that a better way would be to append all the different sources and hash the result, as XOR can be attacked if the other inputs can be seen
 * concatenate by mixing on byte level

=== Tooling ===
==== OpenSSL ====
|| ''Which'' || ''version'' || ''md5'' || ''sha1'' ||
|| '''current best''' || OpenSSL=openssl-0.9.8i || OpenSSL_MD5="561e00f18821c74b2b86c8c7786f9d8b" || OpenSSL_SHA1="b2e029cfb68bf32eae997d60317a40945db5a65f" ||
|| ''comments:'' |||||| current best should have all the best patches in it ||
|| '''FIPS validated''' || OpenSSL=openssl-fips-1.1.2 || OpenSSL_MD5="[[ftp://ftp.openssl.org/source/openssl-fips-1.1.2.tar.gz.md5|8d618698947a48e93c57e5808d663669]]" || OpenSSL_SHA1="[[ftp://ftp.openssl.org/source/openssl-fips-1.1.2.tar.gz.sha1|e2f210a41469e73d8b2c2793d8925fbbac243fe2]]" ||
|| ''comments:'' |||||| FIPS 1.1.2 fixes the [[http://marc.info/?l=openssl-announce&m=119634721528429&w=2|PRNG bug]] that was in the 1.1.1 validated version. ||
|| ''policy:'' |||||| FIPS 1.1.2 is to be read and used with the [[http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp918.pdf|OpenSSL FIPS 140-2 Security Policy]] Version 1.1.2 ||
 * [[http://www.openssl.org/source/|http://www.openssl.org/source/]] to download all versions (use the FTP links to see the hashes)
 * ${WGET} -v -O ${OpenSSL}.tar.gz http://www.openssl.org/source/${OpenSSL}.tar.gz
 * ${WGET} -v -O ${OpenSSL}.tar.gz.md5 http://www.openssl.org/source/${OpenSSL}.tar.gz.md5

==== OpenPGP ====
 * GNUPG [[http://www.gnupg.org/download/integrity_check.en.html|integrity checking]]:
 * GNUPG=gnupg-1.4.9 GNUPG_SHA1="826f4bef1effce61c3799c8f7d3cc8313b340b55" GNUPG_MD5="cc52393087480ac8d245625004a6a30c"
 * GNUPG2=gnupg-2.0.9 GNUPG2_SHA1="959bdb934e3a72d256bfbd0122d996a73adb5d1f"
 * ${WGET} -v -O ${GNUPG}.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/${GNUPG}.tar.bz2
 * ${WGET} -v -O ${GNUPG2}.tar.bz2 ftp://ftp.gnupg.org/gcrypt/gnupg/${GNUPG2}.tar.bz2
 * echo "$GNUPG_MD5  ${GNUPG}.tar.bz2" >${GNUPG}.tar.bz2.md5 (two spaces, the format md5sum -c expects)

==== Random Numbers ====
 * Turbid software with hardware tooling (audio cabling, voltmeter) to generate a seed with reported entropy (see the Turbid study).
 * turbid_MD5="b5170bccaf06ec905a75042cc95ce965"
 * ${WGET} -v -O turbid.tgz http://www.av8n.com/turbid/turbid.tgz
 * turbid makes use of the ALSA audio drivers and a sound card:
  . soundcard to be used: Creative SB PC128 CT4700, in full duplex mode
  . Turbid QA box, stereo audio cabling, Fluke 10 multimeter for saturation calibration
  . ENS1370 soundcard specific turbid settings: 208mV saturation, Q=1.17e-05, Rin=25719 (card input impedance), Kout=1.47961, Bandwidth 4556, Vin/Vmeter 0.9996 (should be very close to 1).
  . There is a script available for redoing the soundcard calibration on sound cards (estimated cal. time: 3 hours)
 * webcam for cheap & cheerful piccy_rng
 * frame grabber bearshand_Ver.0.7.4.0e.zip BEARSHAND_MD5="ca0b974adbc496d96a7981c9697d8572"
  * http://moments-studio.com/en/BearsHand/
 * /dev/random
  * must not use /dev/urandom
  * ''on Linux only, not on *BSD''. On *BSD, /dev/random is synonymous with /dev/urandom. It is broken for entropy collection.

==== Misc about /dev/random ====
Data we could put into /dev/random has to be put in more or less slowly. So we could have a script taking bytes from several files, let's say 10 bytes from each file at a time, to feed some randomness into the pool, so we can have files with some KB of random stuff from
 * a camera
 * turbid (which will be fed automatically)
 * a laptop
 * some havege data
The thing is to put the data in as slowly as possible, so as not to fill up the pool and lose the random data.

More on /dev/random in [[OpenSSLHowTo]].

We can look at /proc/sys/kernel/random/entropy_avail to see if data is fed by turbid or the random source files into the /dev/random pool.

==== Hardware ====
 * Stand-alone Linux machine with a standard live CD to generate the private keys
 * USB sticks for archiving passwords and keys
 * video recorder for recording the process.

=== Script ===
----
 . CategoryAudit
 . CategoryNewRootsTaskForce
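Added example for the Script section, not code from this wiki page or from the Turbid or OpenSSL projects: a feeder that takes a few bytes from each source file in turn and appends them slowly to the pool device while reporting entropy_avail, plus the "concatenate and hash" mixer the crypto list recommended over XOR. It assumes POSIX sh with GNU coreutils (dd, tee, wc, sha256sum); the ENTROPY_AVAIL variable, the function names and the chunk/delay arguments are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the wiki page: slow round-robin feeder for the
# kernel pool plus the "concatenate and hash" mixer the crypto list
# recommended over XOR. Assumes POSIX sh with GNU coreutils (dd, tee, wc,
# sha256sum); appending to the real /dev/random needs root. The
# ENTROPY_AVAIL variable is an assumption here so tests can redirect it.

# pool_level: print the kernel's entropy estimate, "n/a" if unreadable.
pool_level() {
    cat "${ENTROPY_AVAIL:-/proc/sys/kernel/random/entropy_avail}" 2>/dev/null \
        || echo "n/a"
}

# mix_by_hash SRC...: concatenate every source and SHA-256 the lot.
# Someone who sees all but one input cannot cancel the others out, as
# they could with XOR; prints the hex digest of the mixed seed.
mix_by_hash() {
    cat -- "$@" | sha256sum | cut -d' ' -f1
}

# feed_slowly TARGET CHUNK DELAY SRC...: per round, append CHUNK bytes of
# each source in turn to TARGET, report the pool level, sleep DELAY
# seconds; stop when every source is exhausted. Prints total bytes fed.
feed_slowly() {
    target=$1; chunk=$2; delay=$3; shift 3
    round=0; active=$#; total=0
    while [ "$active" -gt 0 ]; do
        active=0
        for src in "$@"; do
            # block number $round of size $chunk; past EOF dd yields 0 bytes
            n=$(dd if="$src" bs="$chunk" skip="$round" count=1 2>/dev/null \
                | tee -a "$target" | wc -c)
            total=$((total + n))
            if [ "$n" -gt 0 ]; then active=$((active + 1)); fi
        done
        round=$((round + 1))
        echo "round $round: entropy_avail=$(pool_level)" >&2
        if [ "$active" -gt 0 ]; then sleep "$delay"; fi
    done
    echo "$total"
}

# Usage on the key-generation box (as root), e.g.:
#   feed_slowly /dev/random 10 1 camera.bin laptop.bin havege.bin
```

Writing to /dev/random mixes the bytes into the pool but does not by itself raise entropy_avail; only the privileged RNDADDENTROPY ioctl credits entropy, so a flat reading after a round does not mean the feed failed.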