OpenPGP Card is an ISO/IEC 7816-4 compatible smartcard that is integrated with many OpenPGP functions, including signature, encryption, and authentication. It provides an trustful computing environment isolated from the host computer, to guard one's private keys from attacks and exposures. ZetiControl in Germany is the first manufacturer of OpenPGP Card based on BasicCard platform. Since then, compatible USB tokens have also been manufactured, such as Yubikey and Nitrokey.
Currently for compatible USB tokens, there are two approaches of OpenPGP Card implementation:
- Based on secure hardware.
- The hardware is usually temper-proof to some extents, but the system is usually proprietary with mandatory NDA required, such as Yubikey.
- Based on generic microcontroller, with gnuk firmware developed by Niibe Yutaka.
- It allows 100% free hardware design and software, but the chip is not hardened for security thus vulnerable to physical attacks.
In other words, the user is forced to choose between security and transparency.
But thanks to the IoT hype, many NDA-free and regulation-free "secure elements" for cryptograpic key storage have entered the market. This project is going to perform early experiments with a ATECC508A chip by Atmel, and see if it is possible to integrate it to the gnuk USB token to improve the physical security, allowing users to secure their private data with GnuPG with a high degree of physical security.
Looking for hackers with the skills:
gnupg gpg pgp security cryptography embedded arm microcontroller stm32 atmega
This project is part of:
Hack Week 17
Activity
Comments
Similar Projects
vex8s-controller: a kubernetes controller to automatically generate VEX documents of your running workloads by agreggi
Description
vex8s-controller is an add-on for SBOMscanner project.
Its purpose is to automatically generate VEX documents based on the workloads running in a kubernetes cluster. It integrates directly with SBOMscanner by monitoring VulnerabilityReports created for container images and producing corresponding VEX documents that reflect each workload’s SecurityContext.
Here's the workflow explained:
- sbomscanner scans for images in registry
- generates a
VulnerabilityReportwith the image CVEs - vex8s-controller triggers when a workload is scheduled on the cluster and generates a VEX document based on the workload
SecurityContextconfiguration - the VEX document is provided by vex8s-controller using a VEX Hub repository
- sbomscanner configure the VEXHub CRD to point to the internal vex8s-controller VEX Hub repository
Goals
The objective is to build a kubernetes controller that uses the vex8s mitigation rules engine to generate VEX documents and serve them through an internal VEX Hub repository within the cluster.
SBOMscanner can then be configured to consume VEX data directly from this in-cluster repository managed by vex8s-controller.
Resources
Exploring Rust's potential: from basics to security by sferracci
Description
This project aims to conduct a focused investigation and practical application of the Rust programming language, with a specific emphasis on its security model. A key component will be identifying and understanding the most common vulnerabilities that can be found in Rust code.
Goals
Achieve a beginner/intermediate level of proficiency in writing Rust code. This will be measured by trying to solve LeetCode problems focusing on common data structures and algorithms. Study Rust vulnerabilities and learning best practices to avoid them.
Resources
Looking at Rust if it could be an interesting programming language by jsmeix
Get some basic understanding of Rust security related features from a general point of view.
This Hack Week project is not to learn Rust to become a Rust programmer. This might happen later but it is not the goal of this Hack Week project.
The goal of this Hack Week project is to evaluate if Rust could be an interesting programming language.
An interesting programming language must make it easier to write code that is correct and stays correct when over time others maintain and enhance it than the opposite.
Smart lighting with Pico 2 by jmodak
Description
I am trying to create a smart-lighting project with a Raspberry Pi Pico that reacts to a movie's visuals and audio that involves combining two distinct functions: ambient screen lighting(visual response) and sound-reactive lighting(audio response)
Goals
- Visuals: Capturing the screen's colour requires an external device to analyse screen content and send colour data to the MCU via serial communication.
- Audio: A sound sensor module connected directly to the Pico that can detect sound volume.
- Pico 2W: The MCU receives data fro, both inputs and controls an LED strip.
Resources
- Raspberry Pi Pico 2 W
- RGB LED strip
- Sound detecting sensor
- Power supply
- breadboard and wires
Creating test suite using LLM on existing codebase of a solar router by fcrozat
Description
Two years ago, I evaluated solar routers as part of hackweek24, I've assembled one and it is running almost smoothly.
However, its code quality is not perfect and the codebase doesn't have any testcase (which is tricky, since it is embedded code and rely on getting external data to react).
Before improving the code itself, a testsuite should be created to ensure code additional don't cause regression.
Goals
Create a testsuite, allowing to test solar router code in a virtual environment. Using LLM to help to create this test suite.
If succesful, try to improve the codebase itself by having it reviewed by LLM.
Resources