* Michael Richardson <m...@sandelman.ca> [23.02.2017 07:57]:
> Yes, use an asymmetric key, and distribute the public part only.

thanks people, for all the input and your ideas. our approach
is now this: we hook into the 'usign' source code and "hide" a
secret there: 2 large random prime numbers. On the server side,
we store the product (aka: solution) of these 2 numbers. This
is repeated for each generated image. (sorry, it breaks reproducible
builds for now)

The user can prove that he flashed *the specific* image by
calling 'usign -B' and sending back the 2 prime numbers to the build server.
There are some more implications, but basically that's it.

I recognized early that including a 'quine' is senseless, because
you can read it in plaintext in the object dump.

I'm not an expert in crypto, but as far as I understand
the approach is an asymmetric key. I'm interested in feedback, see
the patch attached.

bye, bastian
From bbd520f1ee96f2876a7dfd8ad14ba0445ed1abea Mon Sep 17 00:00:00 2001
From: Bastian Bittorf <b...@npl.de>
Date: Thu, 23 Feb 2017 08:16:28 +0100
Subject: [PATCH] usign: support new option '-B': print a secret which was
 included during build

we MUST patch the source code (string PRIME1/PRIME2) before compiling:
we need to include two large random prime numbers, like:

 #!/bin/sh
 P1=$(openssl prime -generate -bits 256)
 P2=$(openssl prime -generate -bits 256)
 # -i edits main.c in place; without it sed only prints the result to stdout
 sed -i -e "s/PRIME1/\"$P1\"/" -e "s/PRIME2/\"$P2\"/" main.c

after that, a user can prove that he knows the
solution (two prime factors) to a server-side stored "product",
which is generated for each image, so the user can prove
that he really flashed the image, and that it works.

Signed-off-by: Bastian Bittorf <b...@npl.de>
---
 main.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/main.c b/main.c
index 3536443..84aa4c1 100644
--- a/main.c
+++ b/main.c
@@ -334,6 +334,7 @@ static int usage(const char *cmd)
 		"  -S:			sign (needs at least -m and -s)\n"
 		"  -F:			print key fingerprint of public/secret key or signature\n"
 		"  -G:			generate a new keypair (needs at least -p and -s)\n"
+		"  -B:			show a secret, which was included during build\n"
 		"Options:\n"
 		"  -c <comment>: 	add comment to keys\n"
 		"  -m <file>:		message file\n"
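Review bot: the new usage line describes the output vaguely ("show a secret, which was included during build") and the comma makes the clause read as an aside; the other entries state what the option does, so say what is printed, e.g. `"  -B:\t\t\tprint the two build-time constants PRIME1 PRIME2\n"`, and note in the help that -B exits immediately and ignores every other option, which is what the `return 0` in the main() hunk does.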
@@ -360,8 +361,11 @@ int main(int argc, char **argv)
 	const char *msgfile = NULL;
 	int ch;
 
-	while ((ch = getopt(argc, argv, "FGSVc:m:P:p:qs:x:")) != -1) {
+	while ((ch = getopt(argc, argv, "BFGSVc:m:P:p:qs:x:")) != -1) {
 		switch (ch) {
+		case 'B':
+			fprintf(stdout, "%s %s\n", PRIME1, PRIME2);
+			return 0;
 		case 'V':
 			set_cmd(argv[0], CMD_VERIFY);
 			break;
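Review bot: the `case 'B'` branch prints PRIME1 and PRIME2 as string literals compiled into the binary, so the "secret" can be read straight out of the image file with `strings` or an object dump before it is ever flashed; this is the same plaintext problem the cover mail identifies for the quine, and it means `-B` shows only that the caller has a copy of the image, not that the image was flashed and runs. It is also not an asymmetric key as the cover mail suggests: whoever holds the image holds both factors, and the server-side product adds nothing over comparing the image hash. If the goal is proof that a specific image is running on a device, the value sent back has to exist only at run time on that device (for example derived from device-specific data combined with a per-image nonce), never as constants in `.rodata`. Separately, nothing in this patch defines PRIME1/PRIME2 and the commit message says the sed step is mandatory, so an unpatched tree fails with an undefined identifier; make that explicit with `#ifndef PRIME1` / `#error "PRIME1/PRIME2 must be substituted at build time"` rather than leaving a bare compile error.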
-- 
1.9.1
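The scheme from the mail, modelled as an added Python example (not code from the patch or from usign) with small constructed primes standing in for the 256-bit ones: the server-side acceptance check, a stand-in for the compiled image, and the reason the check does not prove a flash, since the two literals are recoverable from the image file itself, exactly as the mail observes for a quine.

```python
import re
from typing import Optional, Tuple

# Constructed stand-ins (not the real 256-bit primes the patch embeds):
# two small primes baked into the build, and the product the build
# server records for this image.
PRIME1, PRIME2 = 1000003, 999983
SERVER_PRODUCTS = {"image-0042.bin": PRIME1 * PRIME2}


def is_prime(n: int) -> bool:
    """Trial division; adequate for the small constructed values used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def server_accepts(image_id: str, p: int, q: int) -> bool:
    """Build-server side of the scheme: accept (p, q) as the 'solution'
    if both are prime and their product is the stored value."""
    return is_prime(p) and is_prime(q) and p * q == SERVER_PRODUCTS[image_id]


def build_image(p1: int, p2: int) -> bytes:
    """Stand-in for compiling main.c after the sed substitution: the two
    literals land verbatim, NUL-terminated, in the binary's string table."""
    table = [b"usign", b"  -B:\t\t\tshow a secret, which was included during build",
             str(p1).encode(), str(p2).encode(), b"%s %s\n"]
    return b"\x7fELF" + b"\0".join(table) + b"\0"


def recover_secret(image: bytes) -> Optional[Tuple[int, int]]:
    """What anyone holding the image file can do without flashing it: list
    its decimal string literals (as `strings` would) and keep the prime ones."""
    found = [int(s) for s in re.findall(rb"(?<![0-9])[0-9]{5,}(?![0-9])", image)]
    primes = [n for n in found if is_prime(n)]
    return (primes[0], primes[1]) if len(primes) == 2 else None


def demo() -> bool:
    """The server accepts factors pulled from the unflashed image bytes."""
    pair = recover_secret(build_image(PRIME1, PRIME2))
    return pair is not None and server_accepts("image-0042.bin", *pair)
```

`demo()` returning True is the whole objection: the check passes for anyone who downloaded the image, so it proves possession of the file, not that it was flashed or runs.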

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
