Join Log in
Score:4
telescope avatar Crypto

Deriving private keys from a signature/HSM

jp flag
telescope

I have access to an HSM that can sign messages but doesn't have a way to expose the private key. The signatures are deterministic (RFC 6979). Another application only works with ed25519 signatures which isn't supported by the HSM.

Is it safe to have the HSM sign a message and use the signature as a secret to deterministically generate an ed25519 key pair? If not, I would like to know why instead of simply "you shouldn't do this"

If possible, the user should only rely on the HSM for security without having to securely keep another private key.

EDIT:

To clarify here's what I want to do. Have a static message M signed by the HSM producing a signature S. Use S as a secret to derive an ed25519 keypair. Being able to deterministically get back the ed25519 private key from the fixed message without asking the user to store an additional private key is the property i'm looking for.

Are private keys derived from a signature secure compared to being derived from the private key of the HSM itself? Assuming the signature is never revealed but the static message is publicly known.

325
2 + 4
Maarten Bodewes avatar
in flag
Maarten Bodewes
We generally keep questions key management on [security.se]. That's something that a new user cannot be expected to know though. If you don't mind, I would like to migrate this to our sister site. However, it would mean that you'd also have to extend your overal [se] account to include [security.se] otherwise you won't be able to control your question or accept an answer. Is that OK with you?
0
Reply
telescope avatar
jp flag
telescope
@MaartenBodewes I edited the question I think it still belongs here? let me know if that's not the case
1
Reply
kr flag
mentallurg
Such approach is not secure. If an attacker asks the HSM to sign the same publicly known message, then the attacker will obtain the same ed25519 key pair. Whereas if you just use any CSPRNG, the result is not repeatable and nobody will be able generate the same key pair.
1
Reply
telescope avatar
jp flag
telescope
Is that the only reason why it wouldn't be secure. Is it assumed to be secure keeping this threat in mind?
0
Reply
Score:1
Maarten Bodewes avatar Crypto
in flag
Maarten Bodewes

The main idea of an HSM is that the private key cannot be exported out of it. The way you describe your scheme means that you will have to get the signature out, then create the private key from that outside the HSM. Obviously if your server is compromised then an attacker can get to that private key by extracting it from memory, or by forcing the application to perform a signature.

Another advantage of HSMs is that the operation and algorithms are generally validated to work correctly and not be applicable to e.g. side channel analysis. You cannot rely on that kind of reliability by performing the calculations outside of the HSM.

There is an advantage to derive a single key pair from the existing one: you would not have to store the private key in memory while you are not using it. It is possible to keep it in memory and try to destroy it once you've used it.

That said, if the memory contents can be retrieved, if side channels are possible, if the signature generation can be achieved by an adversary then you cannot be sure that the private key gets copied and security gets lost.

Initially it seemed that the key pair was created specifically for the message. In that case it might be hard to establish trust in the public key that is part of the key pair. Without trust in the public key verification of signatures is meaningless.

+ 1
kr flag
mentallurg
The private key will not be stored anywhere, but the message used to derive it *will* be stored. If many keys need to be derived, e.g. because the other one was disclosed, then *for every* key pair one need to *store the message for this pair*.
0
Reply
Score:0
avatar Crypto
kr flag
mentallurg

To validate a signature in the standard case, no interaction with the signer is needed. Anyone at any time can take a signed message, compute its signature and check if fits the public key of the signer.

In the scheme that you suggested, each message will use a separate key pair. The validator will not know if this public key really belongs to the HSM. To validate the signature, the validator needs to send the message to the HSM, and the HSM should compute an ed25519 key pair for this message and tell the public key to the validator.

Such interaction can be impossible because of two reasons:

  • The validator does not want it, e.g. to prevent the disclosure of the validation fact, disclosure or validation frequency, disclosure of validation dates and times, disclosure the IP of validator, etc.
  • The HSM is not available for interaction with validator, e.g. the HSM can not be reached because connections from validator are refused. Or the HSM is not reachable because of maintenance works. Or there was an attempt to compromise the HSM and it has destroyed its internal data. Or the HSM was just routinely reset and replaced by a newer better device and there is no way any more to validate any previously signed messages. In a normal case you can register public key of HSM and would know that message was signed by this HSM even after the HSM was reset or destroyed. But in your scheme this will be impossible.
+ 14
Maarten Bodewes avatar
in flag
Maarten Bodewes
Why would a verifier need to compute a signature? Shouldn't that be "verify the signature"? I'm not sure if your browser didn't update, but the question reads that the signature is deterministically generated, so why would the key pair change per message?
1
Reply
kr flag
mentallurg
@MaartenBodewes: The OP says that the ed25519 key pair will be derived from the message: The message will be first signed by HSM, then the signature will be used as a seed to generate an ed25519 key pair, and this generated key pair will be used to sign the message. Means, everyone who wants to validate the signature will have to repeat all the steps including asking the HSM to first sign the message using its deterministic (RFC 6979) signature, then derive a ed25519 key pair.
1
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
Oh, dang, yes you are right. I'll probably have to wonder all night why that is the case. If you'd use a static string to create a signature and derive a key pair (and later just a private key) then the scheme would make at least *some* sense as you would not have to store the private key permanently outside of the HSM.
0
Reply
kr flag
mentallurg
@MaartenBodewes: If a static string was used, then the derived key pair would be also static and could be used to sign *any* messages even those that the HSM has not really signed.
1
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
Yes, that's true. It would signing in software but with a key that is retrieved from a secure device.
0
Reply
telescope avatar
jp flag
telescope
Yes, it's a static string. @MaartenBodewes is right not having to store the private key permanently outside of the HSM is the main beneift. It doesn't need to link the ed25519 keys back to the HSM (at least not directly) so it's fine if they can be used to sign anything software side
0
Reply
telescope avatar
jp flag
telescope
My question is is an ed25519 key pair derived from a signature of a static message cryptographically secure? Assuming the signature remains a secret.
0
Reply
kr flag
mentallurg
@telescope: If the signature generated by the HSM is not known, then what and whom will the generated ed25519 key pair prove? Your application that uses ed25519 will not be able to establish any logical connection between a message with ed25519 signature and the HSM. Then, why use HSM at all? Why not just use a random generator?
0
Reply
telescope avatar
jp flag
telescope
No need for a logical connection. Let's say you use the ed25519 key pair for SSH. Having only the HSM you can get back the private key to login in again without having to store the private key somewhere (that's just an example assuming SSH doesn't support the HSM signatures)
0
Reply
kr flag
mentallurg
@telescope: This means essentially less security compared to what security is expected from an HSM. The strength of HSM is, that even if somebody can access the HSM via its API, there is no away to extract secrets from it. Where as in your approach the security of generated private key is reduced to prohibiting access to the HSM. Which is essentially weaker.
0
Reply
telescope avatar
jp flag
telescope
For my use case it doesn't need to be as secure as having the HSM itself. It's acceptable only assuming the ed25119 key pair is sound/secure and the private key can be deterministically generated back without having to store it.
0
Reply
kr flag
mentallurg
@telescope: The level of security in this case is comparable to storing a private key of ed25519 as a *plain unencrypted* file on a USB stick. The security will depend on a single factor: How well you can prevent unauthorized access to this USB stick. In your case: How well you can prevent unauthorized access to the HSM. Because anyone who can access HSM can immediately produce your private key.
0
Reply
kr flag
mentallurg
@telescope: I'd suggest you another approach: Generate ed25519 key using any tool of your choice. Encrypt the private key using the HSM. This is what HSMs do well. You will avoid overhead with message that you need to store somewhere, overhead with key generation (you will need to stick to the same algorithm all the time). You will just ask the HSM to decrypt the key without having any "magic".
1
Reply
Maarten Bodewes avatar
in flag
Maarten Bodewes
I'd recommend doing that with a key wrapping mechanism that the HSM supports. If Ed25519 supports gets added you should then be able to unwrap it into the HSM (although the bit saying that it was kept within the HSM will of course remain on false). It also means that the key wrapping mechanism itself is hopefully well supported. Do not use CBC with a static IV (I know some HSM's default to that, but that's just a horrid practice I don't want to see repeated anywhere). CTR with static nonce is of course worse but I don't know if that's ever used for key wrapping.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.