Difference between revisions of "Security notes / Unsorted"
m (→JSON Web Signature, Encryption, Tokens)
Line 421: | Line 421: | ||
--> | --> | ||
− | |||
==JSON Web Signature, Encryption, Tokens== | ==JSON Web Signature, Encryption, Tokens== | ||
{{stub}} | {{stub}} | ||
+ | <!-- | ||
===JSON Web Signature (JWS)=== | ===JSON Web Signature (JWS)=== | ||
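Review bot: the `<!--` inserted directly after {{stub}} opens an HTML comment, but no matching `-->` is added in this hunk and the only `-->` in the visible context sits above it, closing an earlier comment; verify that a closing `-->` exists further down at the exact point where the hidden block should end, otherwise the JWS heading and everything after it stops rendering. If the intent is to temporarily hide the JWS/JWE notes, it is worth saying so in the edit summary rather than only "m".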
Line 433: | Line 433: | ||
* https://tools.ietf.org/html/rfc7515 | * https://tools.ietf.org/html/rfc7515 | ||
− | + | Including JSON Web Key (JWK) https://tools.ietf.org/html/rfc7517 | |
+ | |||
===JSON Web Encryption (JWE)=== | ===JSON Web Encryption (JWE)=== |
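Review bot: the added line `Including JSON Web Key (JWK) https://tools.ietf.org/html/rfc7517` sits immediately under a `* ` bullet but is not a bullet itself, so it will render as a loose paragraph that breaks the RFC link list; make it `* JSON Web Key (JWK): https://tools.ietf.org/html/rfc7517` (or indent it as a `**` sub-item of the rfc7515 entry) so it matches the list style used for rfc7515 above.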
Revision as of 15:58, 3 January 2022
Security related stuff.
Practical
This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)
TPM
This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)
What?
Trusted Platform Module is part of the Trusted Computing design.
The TPM is basically the hardware part of that design.
Physically, TPM is often a hardware module that can be plugged into PC motherboards and laptops, and may be built into laptops (fairly common in business laptops).
One could also be part of a CPU (helps against some physical attacks), but there is some value to keeping it separate (e.g. if the CPU is upgradable).
(You could also implement the spec in code, but doing so means you lose the isolated environment, which defeats half the point)
The TPM is a few different things to different people/needs.
For example, it helps store some keys, creates derived keys without revealing the original, and does certain crypto.
It being separate hardware:
- makes the attack surface much smaller, and some attacks much harder to do remotely,
- makes it harder to steal keys,
- means there are some cases where you can use a key it stores without ever transporting it out,
  - ...and that you can use some keys without having to keep them in RAM
  - keys for some uses can be marked as "never move these out"
  - some other uses require them to be migratable, though
- lets you tie certain keys to the specific TPM,
  - which alleviates certain physical attacks
  - for example, you can force an encrypted drive to only work on the computer you encrypted it on
- means you can prevent booting something that wasn't previously approved,
  - as protection against malware that alters the boot
  - again, with footnotes.
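How "tie keys to this specific TPM" and "refuse to release a key to a boot that wasn't previously approved" fit together is easier to see in code than in bullets. The following is an added example written for these notes, not code from the page or from any TPM vendor, TSS library or operating system: a toy Python model in which PCR extend and sealing are simulated with SHA-256 and HMAC. `ToyTPM`, `pcr_extend`, `measure_boot`, `seal`/`unseal`, the root secrets and the boot stages are all constructed for illustration; a real TPM does the same steps in hardware with its own cipher and policy engine, and the exact PCR layout and command names differ.

```python
"""Toy model of TPM measured boot and sealing (hypothetical; not a real TPM API).

It models the two mechanisms described in the notes above:

* PCR extend: a Platform Configuration Register can only be moved forward,
  PCR_new = H(PCR_old || H(component)), so its final value summarises the
  whole boot sequence (order included) and cannot be set to a chosen value.
* Sealing: a secret is encrypted under a key derived *inside* the TPM from
  the TPM's own root secret plus the expected PCR value, so it can only be
  unsealed on that same TPM and only when the measured boot state matches.
"""
import hashlib
import hmac
import os

PCR_SIZE = 32  # models a SHA-256 PCR bank


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """Model of PCR extend: fold the hash of one boot component into the register."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Extend a fresh PCR with each boot stage in order (firmware, bootloader, kernel, ...)."""
    pcr = bytes(PCR_SIZE)  # PCRs start as all-zeros after reset
    for stage in components:
        pcr = pcr_extend(pcr, stage)
    return pcr


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for the TPM's symmetric cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class ToyTPM:
    """Stand-in for the separate hardware: the root secret never leaves this object."""

    def __init__(self, root_secret: bytes):
        self._root = root_secret  # models the TPM's non-exportable storage root key

    def _sealing_key(self, pcr: bytes) -> bytes:
        # Derived inside the 'TPM'; callers only ever see ciphertext.
        return hmac.new(self._root, b"seal|" + pcr, hashlib.sha256).digest()

    def seal(self, secret: bytes, expected_pcr: bytes) -> bytes:
        """Return a blob (nonce || ciphertext || tag) bound to this TPM and expected_pcr."""
        key = self._sealing_key(expected_pcr)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unseal(self, blob: bytes, current_pcr: bytes) -> bytes:
        """Recover the secret only if current_pcr matches the PCR it was sealed to."""
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        key = self._sealing_key(current_pcr)
        if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
            # A different TPM or a different boot measurement yields a different
            # key, so the tag check fails and nothing is released.
            raise PermissionError("PCR policy not satisfied: refusing to unseal")
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def demo() -> dict:
    """Constructed scenario: seal a disk key to a known-good boot, then try three boots."""
    good_boot = [b"firmware v1", b"bootloader v1", b"kernel v1"]
    tampered_boot = [b"firmware v1", b"bootloader v1", b"kernel v1 (modified)"]
    tpm = ToyTPM(root_secret=b"\x11" * 32)        # constructed root secret
    other_tpm = ToyTPM(root_secret=b"\x22" * 32)  # a different physical TPM
    disk_key = b"constructed-disk-encryption-key"
    blob = tpm.seal(disk_key, measure_boot(good_boot))

    def attempt(device, boot):
        try:
            return device.unseal(blob, measure_boot(boot)) == disk_key
        except PermissionError:
            return False

    return {
        "same_tpm_same_boot": attempt(tpm, good_boot),
        "same_tpm_tampered_boot": attempt(tpm, tampered_boot),
        "other_tpm_same_boot": attempt(other_tpm, good_boot),
    }


if __name__ == "__main__":
    print(demo())  # expected: only same_tpm_same_boot is True
```

The two failure cases are the point: an altered kernel changes the final PCR and so the derived key, and a cloned disk moved to another machine meets a different root secret; in both cases the blob is useless and the toy TPM releases nothing. The "footnotes" in the notes above still apply, since this model says nothing about what happens after the key has been handed to the OS.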
"Can't detect TPM device"
This means the BIOS knows a TPM module can be plugged in, is looking for one (either because it was told to or because it always does), and doesn't find it.
So tell it not to look for one (if you can), plug one in, or ignore this message. The setting is often under a BIOS header named something like 'Trusted Computing'.
Some BIOSes will always look for it (verify), in which case you can just ignore the message.
More acronyms
What does TPM not protect?
TPM versus TPM2
Use and criticism, strengths and weaknesses
This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)
See also
Nonce
Challenge/response
ZKP
JSON Web Signature, Encryption, Tokens
This article/section is a stub — probably a pile of half-sorted notes, is not well-checked so may have incorrect bits. (Feel free to ignore, fix, or tell me)