SoylentNews is people

Yubikey/Smartcard backed TLS/HTTPS servers

Accepted submission by canopic jug at 2018-05-21 06:42:38
Software

Ben Cartwright-Cox has written a blog post about building Yubikey/Smartcard backed TLS/HTTPS servers [benjojo.co.uk]. Cryptographic hardware tokens such as the Yubikey can hold and verify keys but are set up so that they cannot give the key itself back to the system. Although the hardware token's contents can be overwritten, the original key cannot be extracted even if the system it is on gets cracked. Thus moving the keys to the hardware token would make them more or less unstealable. Ben walks through the steps necessary to retrofit a Yubikey for situations where keys would normally be in memory, such as an HTTPS server.

