CriptokiX is a software Cryptoki (fiXed) token based on openCryptoki. Its security is highly configurable by selectively enabling different patches.
CryptokiX extends openCryptoki by providing the following patches:
- Conflicting attributes: it is well known, for example, that it is insecure to allow the same key being used for wrapping and decrypting. In CryptokiX it is possible to specify a set of conflicting attributes.
- Sticky attributes: Some attributes once set (unset) should never been unset (set). For example a sensitive key should never be set non-sensitive. This is also useful when combined with the `conflicting attributes’ patch above: if two attributes are conflicting we certainly want to avoid that they are separately set and unset.
- Wrapping formats: It is known from previous work that it is not sufficient to specify a non-conflicting attribute policy. A wrapping format must also be used that correctly binds key attributes to the key. This prevents attacks where the key is unwrapped twice with conflicting attributes. Some devices are known to already include such wrapping formats, such as the Eracom ProtectServer.
- Secure templates: We limit the set of admissible attribute combinations for keys so to avoid that keys ever assume conflicting roles at runtime. This is configurable at the level of the specific PKCS#11 operation. For example, we can define different secure templates for different operations such as key generation and unwrapping.
CryptokiX comes, at the moment, as two different software tokens: the first one, called CryptokiX, implementing the first three patches (we are working on a cryptographically-sound implementation of the “wrapping formats” patch, at the moment it is implemented by a DES CBC-MAC), the other one is CryptokiX-sec-templates and provides the last patch.
The two different tokens will be soon merged together.