Hardware Reference
Outlining the key protection system
The first step of our analysis is to clearly describe the system we are trying
to protect. In this project, we'll build a logical GPG co-processor using the BBB and the
CryptoCape. We'll store the GPG keys on the BBB and then connect to the BBB over Secure
Shell (SSH) to use the keys and to run GPG. The CryptoCape will be used to encrypt
your GPG key when it is not in use, a state known as at rest. We'll add a keypad to collect
a numeric code, which will be provided to the TPM. This will allow the TPM to unwrap your
GPG key.
Note
The idea for this project was inspired by Peter Gutmann's work on open source cryptographic
co-processors (Gutmann, 2000). The BBB, when acting as a co-processor to a host,
is extremely flexible and, considering its power usage, relatively high in performance. By
running sensitive code that will have access to cleartext encryption keys on separate
hardware, we gain an extra layer of protection (or at the minimum, a layer of indirection).