[tor-bugs] #28000 [Core Tor/Tor]: Add support for performing signing operations using ssh-agent
#28000: Add support for performing signing operations using ssh-agent
--------------------+------------------------------
Reporter: ln5 | Owner: ln5
Type: task | Status: assigned
Priority: Medium | Component: Core Tor/Tor
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------+------------------------------
It would be nice if private keys on disk could be protected better. One
way of doing this is to add support in tor for communicating with
ssh-agent for signing operations instead of accessing the secret key
itself by reading it from an unencrypted file stored on disk.

From the operator's perspective, this would require i) running ssh-agent
and ii) adding key(s) to the agent before starting tor.

ssh-agent binds to a UNIX domain socket which tor would open and
communicate over using the protocol specified in
https://tools.ietf.org/html/draft-miller-ssh-agent-02.

I propose that configuration options are added for relevant keys and that
the format include a type field specifying how to access the key. The type
field would be separated from the rest of the option value by `:`. The two
defined options would be `file` and `ssh-agent`. File type keys would have
a path specification and ssh-agent keys would have a public key in Base64
(and an optional `PKCS #11` provider name if that shows to be necessary to
accommodate multiple simultaneous HSM devices). A key not mentioned in the
configuration simply defaults to current tor behaviour (implying `file`
type) for backward compatibility.

It should be noted that an operator who's able to put secret keys on an
encrypted volume, mounted at system startup, achieves a similar
protection. An upside of the proposed approach is that keys can be moved
to an external device (often called an HSM) that has a `PKCS #11`
provider.

Another way of achieving the single goal of encrypting keys on disk would
be to allow for encrypted keys (presumably by storing them in `PKCS #8`
format instead of `PKCS #1`) and somehow make tor read pass phrase(s) from
somewhere when starting up.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28000>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
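
The signing exchange the ticket refers to, as an added example that is not part of the ticket and is not tor code: it frames an SSH_AGENTC_SIGN_REQUEST as laid out in draft-miller-ssh-agent and validates the agent's reply before the signature bytes are used. The function names are hypothetical, and rejecting any reply whose lengths do not match exactly is a choice made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Message numbers from draft-miller-ssh-agent. */
#define SSH_AGENT_FAILURE        5
#define SSH_AGENTC_SIGN_REQUEST  13
#define SSH_AGENT_SIGN_RESPONSE  14

static void put_u32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
  p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get_u32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Encode: uint32 len | byte 13 | string key_blob | string data | uint32 flags.
 * Returns the total frame size, or 0 if it does not fit in out[cap].
 * (Hypothetical helper name; only the public key blob is ever sent.) */
size_t agent_build_sign_request(uint8_t *out, size_t cap,
                                const uint8_t *blob, uint32_t blob_len,
                                const uint8_t *data, uint32_t data_len,
                                uint32_t flags) {
  size_t body = 1 + 4 + (size_t)blob_len + 4 + (size_t)data_len + 4;
  if (body > UINT32_MAX || cap < 4 || body > cap - 4) return 0;
  uint8_t *p = out;
  put_u32(p, (uint32_t)body); p += 4;
  *p++ = SSH_AGENTC_SIGN_REQUEST;
  put_u32(p, blob_len); p += 4; memcpy(p, blob, blob_len); p += blob_len;
  put_u32(p, data_len); p += 4; memcpy(p, data, data_len); p += data_len;
  put_u32(p, flags);
  return body + 4;
}

/* Validate a complete reply frame and locate the signature string.
 * Returns 0 on success, -1 on agent failure or malformed/truncated input. */
int agent_parse_sign_response(const uint8_t *in, size_t len,
                              const uint8_t **sig, uint32_t *sig_len) {
  if (len < 5) return -1;
  uint32_t body = get_u32(in);
  if (body != len - 4) return -1;                   /* framing must be exact */
  if (in[4] != SSH_AGENT_SIGN_RESPONSE) return -1;  /* covers SSH_AGENT_FAILURE */
  if (body < 5) return -1;                          /* no room for a string */
  uint32_t n = get_u32(in + 5);
  if (n != body - 5) return -1;                     /* declared vs actual length */
  *sig = in + 9; *sig_len = n;
  return 0;
}
```

The caller would write the request frame to the agent's UNIX domain socket and read back one length-prefixed frame before handing it to the parser.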