Implementation of PIN policies #2

Open
sosthene-nitrokey opened this issue Feb 2, 2023 · 0 comments

sosthene-nitrokey commented Feb 2, 2023

Policies would be handled by adding an AuthContext to the ClientContext containing the current PinId.

API

  • authenticate(PinId, value) -> check if value is correct, then store the PinId in the AuthContext and store required data in the volatile FS
  • de_auth(PinId) -> remove data from volatile FS for the PinId and also from the AuthContext (if same)
  • set_auth(PinId) -> if data for PinId is in the volatile FS, set it in the AuthContext
  • clear_auth(PinId) -> clear the AuthContext but not the volatile FS, so set_auth still works until a de_auth
  • When a PIN is created it can also have a policy allowing it to be "overridden" by other PINs

For the software backend, policies are enforced by runtime checks. Keys with a policy are not specifically encrypted. The SE050 backend will provide that type of security.

Todo

What do Policies look like, for both keys and PINs?
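
The following is an added example, not part of the issue and not the project's code: a small Rust model of the four proposed calls, showing how `clear_auth` differs from `de_auth`. The `Model` type, the `u8` `PinId`, the stored PIN bytes and the rule that `clear_auth` only clears a context naming the same PIN are all assumptions made for illustration.

```rust
use std::collections::HashMap;

type PinId = u8; // assumption: the real PinId type is not shown in the issue

/// Hypothetical model of the proposed state, not the project's types.
#[derive(Default)]
struct Model {
    pins: HashMap<PinId, Vec<u8>>,        // constructed stand-in for stored PIN verifiers
    volatile_fs: HashMap<PinId, Vec<u8>>, // per-PIN data, lost on de_auth
    auth_context: Option<PinId>,          // current PinId in the ClientContext
}

impl Model {
    /// Check the value; on success record the PIN in both places.
    fn authenticate(&mut self, pin: PinId, value: &[u8]) -> bool {
        // Stand-in for the real PIN verification.
        let ok = self.pins.get(&pin).map_or(false, |v| v.as_slice() == value);
        if ok {
            self.volatile_fs.insert(pin, b"session-data".to_vec());
            self.auth_context = Some(pin);
        }
        ok
    }
    /// Drop the volatile data, and the context if it names this PIN.
    fn de_auth(&mut self, pin: PinId) {
        self.volatile_fs.remove(&pin);
        if self.auth_context == Some(pin) { self.auth_context = None; }
    }
    /// Re-select a PIN whose volatile data is still present.
    fn set_auth(&mut self, pin: PinId) -> bool {
        let present = self.volatile_fs.contains_key(&pin);
        if present { self.auth_context = Some(pin); }
        present
    }
    /// Clear the context only; volatile data stays (assumed: only if it names this PIN).
    fn clear_auth(&mut self, pin: PinId) {
        if self.auth_context == Some(pin) { self.auth_context = None; }
    }
}

fn main() {
    let mut m = Model::default();
    m.pins.insert(1, b"123456".to_vec()); // constructed sample PIN
    assert!(!m.authenticate(1, b"000000") && m.auth_context.is_none());
    assert!(m.authenticate(1, b"123456"));
    m.clear_auth(1);
    assert!(m.auth_context.is_none() && m.set_auth(1)); // volatile data still cached
    m.de_auth(1);
    assert!(!m.set_auth(1)); // a fresh authenticate is required
}
```

In this model, a runtime policy check would read only `auth_context`, so a PIN left in the volatile FS after `clear_auth` grants nothing until `set_auth` selects it again.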
