What does the crypto chip do actually?

Mystic · March 6, 2022, 1:12pm

What does the crypto chip do?

Do all routers have this chip too?

peci1 · March 6, 2022, 6:34pm

Not sure if that’s all, but it should definitely provide a secure identifier to CZ.NIC that the device they communicate with is the Turris router they think. It’s used for the dynamic firewall function to authenticate the devices.

iron-maiden · March 7, 2022, 3:12pm

I think it is for better entropy when generating encryption keys.

X-dark · March 9, 2022, 1:40pm

Where does this come from? I really doubt any of this is true.

miska · March 10, 2022, 2:26pm

Actually both answers are true. It provides better entropy - we don’t have mouses and keyboards on routers, but it also contains unique key that can be used to uniquely authenticate every Turris router so routers can use not only Turris Sentinel, but also for example send e-mails via our SMTP server.

You can use it yourself as well via crypto-wrapper command.

Little bonus, on Turris MOX, there is a private key generated on router directly that never left OTP memory and can be used as PKCS11 provider: Turris / MOX PKCS11 · GitLab

system · March 13, 2022, 2:27pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.