by ShredKazoo 1297 days ago
What would an actual secure workflow for signing artifacts look like?

I'm thinking: Final round of "code review" by security engineer on high-security single-purpose device, build artifact on that device, sign using hardware security module.

I put "code review" in scare quotes because code changes are potentially expensive at this point. For minor issues, turn to your standard workstation and file an issue for next release. For a major security problem, call off the release.

1 comment
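The two halves of the workflow the post describes, signing on the offline station and verifying wherever the artifact is consumed, as an added example that is not from the original thread or from any project it mentions. It uses Go's standard-library Ed25519; the in-memory private key stands in for the HSM-held release key (an assumption: in production the Sign call is the HSM operation and the key never leaves the module), and the artifact bytes, name and version are constructed sample input. What it shows beyond the post is why the station should sign a canonical manifest (name, version, digest) rather than raw bytes: the verifier can then reject both a tampered artifact and a genuine signature relabelled onto a different version.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is what the offline signing station actually signs: the
// artifact's name, version and SHA-256 digest in a fixed textual form.
type Manifest struct {
	Name    string
	Version string
	Digest  [32]byte
}

// Encode renders the manifest canonically. The fixed prefix acts as a
// domain separator so the signature cannot be replayed as a signature
// over some other message format that happens to use the same key.
func (m Manifest) Encode() []byte {
	return []byte(fmt.Sprintf("release-manifest-v1\nname=%s\nversion=%s\nsha256=%s\n",
		m.Name, m.Version, hex.EncodeToString(m.Digest[:])))
}

// SignArtifact runs on the offline signing station. priv stands in for
// the HSM-held key (assumption); in production ed25519.Sign would be the
// HSM's sign operation and the private key would never be in host memory.
func SignArtifact(priv ed25519.PrivateKey, name, version string, artifact []byte) (Manifest, []byte) {
	m := Manifest{Name: name, Version: version, Digest: sha256.Sum256(artifact)}
	return m, ed25519.Sign(priv, m.Encode())
}

// VerifyArtifact runs where the artifact is consumed. pinnedPub is the
// release public key distributed out of band; it is the only trust anchor.
// Both checks are needed: the signature binds the manifest, and the digest
// binds the manifest to the bytes actually on disk.
func VerifyArtifact(pinnedPub ed25519.PublicKey, m Manifest, sig, artifact []byte) error {
	if !ed25519.Verify(pinnedPub, m.Encode(), sig) {
		return errors.New("manifest signature invalid")
	}
	got := sha256.Sum256(artifact)
	if !bytes.Equal(got[:], m.Digest[:]) {
		return errors.New("artifact digest does not match signed manifest")
	}
	return nil
}

func main() {
	// Constructed sample key and artifact; real keys live in the HSM.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	artifact := []byte("constructed sample artifact bytes")

	m, sig := SignArtifact(priv, "widget", "1.2.3", artifact)
	fmt.Println("genuine   :", VerifyArtifact(pub, m, sig, artifact))

	// Flip one bit of the artifact: digest check fails.
	tampered := append([]byte{}, artifact...)
	tampered[0] ^= 1
	fmt.Println("tampered  :", VerifyArtifact(pub, m, sig, tampered))

	// Reuse a genuine signature under a different version: signature check fails.
	relabelled := m
	relabelled.Version = "1.2.4"
	fmt.Println("relabelled:", VerifyArtifact(pub, relabelled, sig, artifact))
}
```

The manifest plus detached signature is what leaves the closet; the verifier needs only the pinned public key, so no network access or secret material is required on the consuming side.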

One guy named Jeff and his boss Clem have access to an offline PC with some signing software in a closet behind a badged door. Not TEMPEST-secure unless they have government contracts. For hardware stuff it might be at the factory.

Thanks, interesting.

I don't see how TEMPEST is relevant?

I mean, if you don't want state actors to steal your super secret keys, maybe secure the power lines and RFI.

I searched Google for RFI; not sure what it stands for?

I believe that RFI here is "RF interference." Here are links to learn more about the references above [1] [2].

[1] https://en.wikipedia.org/wiki/Tempest_(codename)

[2] https://en.wikipedia.org/wiki/Van_Eck_phreaking

Yep. It is pretty trivial to extract encryption keys via either control of voltage or detection of electromagnetic radiation emanating from a server.