iijlabセミナー オープンなセキュリティ技術へのアプローチ 演題: How to Hide Your Lion (or Lions')? GnuPGの開発と、その秘密鍵の管理をするハードウェアについて論じます。 GnuPGはプライバシを守ることを目的とする、暗号を扱う自由ソフトウェアです。 暗号メールに使われるほか、開発者による電子署名、 ソフトウェア配布の電子署名に使われ、広く役立っています。 暗号を扱う際の難しい課題が、「秘密鍵をどこに置くか」です。 また、ユーザのコンピューティングを尊重する観点からは、 その秘密鍵を利用したコンピューティングがユーザによってどのように制御できるか、が重要になります。 この課題に挑戦している、自由ソフトウェア Gnuk と自由なハードウェア設計FST-01 を紹介します。 ----------------- FST-01: http://www.seeedstudio.com/depot/s/FST-01.html http://www.seeedstudio.com/wiki/FST-01 Gnuk: http://www.fsij.org/gnuk/ http://www.fsij.org/doc-gnuk/ In Japanese: http://no-passwd.net/fst-01-gnuk-handbook/ http://no-passwd.net/fst-01-neug-handbook/ ---------------------- How to Hide Your Lion Children's book: How to Hide a Lion, by Helen Stephens, 2012 How does a very small girl hide a very large lion? It's not easy, but Iris has to do her best, because mums and dads can be funny about having a lion in the house. ---------------------- Under Control, by Yourself? Food: Nutrition, Additive, Tracebility Transportation: Driving a car or Taking a taxi Train or Airplane Computer, Your Own Computing: Operating system, CPU, Network... Free Software (and Free Hardware Design) matters Your Own Life: Just a (deterministic) function of your birth day (and zodiac sign)? ---------------------- My Free Software Road: No Use of Power Bushido or Zen (Japanese Buddhism) Spiritual Discipline Intuition and Experience (not Science) Code Dojo in 2005 by FSIJ Example: Ramen Restaurants, Sushi Bars ---------------------- After "Summer of Snoden" in 2013, people talk about encryption, but it's sometimes just about encryption of communication channel ("https://"), not about our own encryption (of file, email, information, etc.). It's unfortunately rare to talk about our privacy and how we can control our "keys", or how entropy (not controlled by anyone) is important. We care. More than twenty years (for me). Specifically, GNU Project started 30 years ago for freedom of our own computing. GNU Privacy Guard version 1.0 was released 15 years ago. ---------------------- GNU Privacy Guard (GnuPG) GNU version of PGP (Pretty Good Privacy) Pretty Good Privacy: 1991 by Phil Zimmermann File encryption, Email encryption using Public-Key Cryptography ---------------------- EMAIL SELF-DEFENSE: https://emailselfdefense.fsf.org GNU Privacy Guard: https://www.gnupg.org/ ---------------------- Public-Key Cryptography Pair of public key and private key How reliably distribute public keys How securely maintain private keys ---------------------- Digital signature source code with digital signature archive key from distribution (e.g. Debian) authentication for remote service (e.g. OpenSSH) ---------------------- GnuPG 1.x series GnuPG 2.0.x series Development: GnuPG 2.1.x series NEW in 2.1.x: Elliptic Curve Crypto Perhaps, Curve25519 and ed25519 ---------------------- Gnuk and FST-01 How to maintain your private key dilemma: more secure or more freedom/control card reader: proprietary smartcard: proprietary --> free software implementation --> Gnuk --> free hardware design --> FST-01 ---------------------- Gnuk started 2010 Joined GnuPG development FST-01 started 2011 FST-01 production version 2012 NeuG 2013 FSM-55 2014 ---------------------- Plan: Release keys of GnuPG: Three different time zone Europe, US, and Japan ---------------------- Gnuk OpenPGPcard compatible STM32F103 @ 72MHz 1.4sec for RSA 2048-bit ---------------------- Gnuk implementation Written in C Thread library: 1.0.x: ChibiOS/RT 1.1.x: Chopstx Crypto: AES, RSA: PolarSSL SHA2: Dr. Brian Gladman ECC: gniibe ---------------------- FST-01 Designed with KiCAD Production by Seeed Technology ---------------------- Think about attack vectors and how you can check Lower level implementation would be good? Reproducible product matters Happy Hacking matters here ---------------------- for Happy Hacking Freedom of our own computing (for GnuPG) of Happy Hacking Free Software, Free hardware design by Happy Hacking KiCAD ----------------------