What does the crypto chip do actually?

Do all routers have this chip too?

Not sure if that’s all, but it should definitely provide a secure identifier to CZ.NIC that the device they communicate with is the Turris router they think it is. It’s used for the dynamic firewall function to authenticate the devices.


I think it is for better entropy when generating encryption keys.


Where does this come from? I really doubt any of this is true.

Actually, both answers are true. It provides better entropy - we don’t have mice and keyboards on routers - but it also contains a unique key that can be used to uniquely authenticate every Turris router, so routers can not only use Turris Sentinel, but also, for example, send e-mails via our SMTP server.

You can use it yourself as well via the crypto-wrapper command.

A little bonus: on Turris MOX, there is a private key generated directly on the router that never left OTP memory and can be used as a PKCS11 provider: Turris / MOX PKCS11 · GitLab


