Ansgar 🙀 <ansgar@43-1.org> wrote on 30/03/2024 at 20:52:29+0100:

> Hi,
>
> On Sun, 2024-03-31 at 00:40 +0500, Andrey Rakhmatullin wrote:
>> On Sat, Mar 30, 2024 at 05:00:26PM +0100, Marco d'Itri wrote:
>>
>> > I think that the real question is whether we should really still use
>> > code-signing keys which are not stored in (some kind of) HSM.
>> What are the options for random DDs for that?
>
> Yubikeys, Nitrokeys, GNUK, OpenPGP smartcards and similar devices.
> Possibly also TPM modules in computers.
>
> These can usually be used for both OpenPGP and SSH keys.
>
> If someone cannot afford them, I think Debian paying for them is a good
> investment; Debian buying tokens for all project members would also be
> nice, but logistics are probably annoying...
>
> A compromised computer alone is then not enough to get a copy of the
> private key: one would also need an exploit for the hardware token.
> (A compromised computer can still give temporary access to the key when
> it is in use and unlocked; some devices can require pushing a button
> for signing, but of course a compromised computer could claim to sign
> something different than what gets signed and just show a "wrong PIN"
> message to have the user try again.)
>
> If you believe the hardware token to have a backdoor, exploiting it
> might still require physical access to the token.

I'd be happy to have Debian France care about buying and having yubikeys delivered to any DD over the world.

-- 
PEB
Debian France's Treasurer, happy to spend time to make things safer.