Tkey for signing keys. Motivation: Sigsum needs long-lived signing keys,
with backup in case the device holding the signing key (and maybe the
rest of the site as well) is destroyed. The same may apply to other
long-lived keys, e.g., close to the top of a cert hierarchy/delegation chain.

1. Signer app: Receive an encrypted signing key, encrypted to the key's
unique key using some public key crypto algorithm. Decrypts the
signing key, and acts as signing oracle. Also needs a way to
advertise its own pubkey, as well as the pubkey corresponding to the
signing key.
2. Keygen app: Takes a list of public keys. Generates a new signing key,
and encrypts it to each of the public keys.
3. Export app: Takes public keys and an encrypted signing key. Decrypts
using its own unique key, and reencrypts to each of the public keys.
Also needs a way to advertise its own pubkey. (Similar role to a
YubiHSM with key export enabled, but with "keywrap" done using public
keys rather than a symmetric key.)

Usage scenario: Get at least three tkeys, two intended as backups, the
other(s) as signing oracles. Extract the public keys for each key and
the respective intended app (signer or exporter). Load the key-gen app
on any of the keys, and give it all those pubkeys.

Store the resulting encrypted blob reliably. Lock up the two
backup/export keys. Attach a signing key to the machine intended to do
signing, and provide the encrypted blob and the signing app on that
machine.

When any one of the keys breaks, take one of the export keys out of the
safe, and use it to reencrypt the signing key to a replacement key of
the appropriate type.

Extension 1 (technically quite easy, I think): Add a symmetric
key/passphrase, required for operation of the keys, either a single one,
or separate for each key. Would be particularly relevant for access to
the export keys, and it would also make sense to apply k-of-n secret
sharing of the secret needed to operate the export keys.

Extension 2 (hand waving): Have the signer app require a proof of
logging of the act of exporting the signing key to that particular key.

/Niels
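
The three apps and the replacement scenario described above, modelled host-side as an added example that is not part of the original note or any Tkey code. Assumptions: RSA-OAEP from Go's standard library stands in for the unspecified "some public key crypto algorithm", the signing key is Ed25519, and all function names (`NewDevice`, `Keygen`, `Export`, `Sign`) are hypothetical.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// NewDevice models one tkey's unique key pair (constructed stand-in for the device key).
func NewDevice() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// wrapAll encrypts seed separately to each device public key (RSA-OAEP is an assumption).
func wrapAll(pubs []*rsa.PublicKey, seed []byte) (blobs [][]byte, err error) {
	for _, p := range pubs {
		b, e := rsa.EncryptOAEP(sha256.New(), rand.Reader, p, seed, nil)
		if e != nil {
			return nil, e
		}
		blobs = append(blobs, b)
	}
	return blobs, nil
}

// Keygen (app 2): new signing key, one encrypted blob per listed public key.
func Keygen(pubs []*rsa.PublicKey) (ed25519.PublicKey, [][]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	blobs, err := wrapAll(pubs, priv.Seed())
	return pub, blobs, err
}

// Export (app 3): decrypt with the device's own key, re-encrypt to each given public key.
func Export(dev *rsa.PrivateKey, blob []byte, pubs []*rsa.PublicKey) ([][]byte, error) {
	seed, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dev, blob, nil)
	if err != nil {
		return nil, err
	}
	return wrapAll(pubs, seed)
}

// Sign (app 1): decrypt the signing key and act as a signing oracle for msg.
func Sign(dev *rsa.PrivateKey, blob, msg []byte) ([]byte, error) {
	seed, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dev, blob, nil)
	if err != nil || len(seed) != ed25519.SeedSize {
		return nil, rsa.ErrDecryption // undecryptable blob or wrong-length seed
	}
	return ed25519.Sign(ed25519.NewKeyFromSeed(seed), msg), nil
}
```

Each blob is usable only by the device whose public key it was encrypted to, so a replacement key stays inert until an export key has re-encrypted the signing key to it.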