Send in your ideas. Deadline February 1, 2025
logo
Talk
Matrix
Internet Relay Chat (IRC)
Stay up to date
RSS or Atom feed
Website
More info available :
https://openpgp-ca.org
Grant
Theme fund: NGI Assure
Period: 2021-08 — 2024-05

Hardening OpenPGP CA deployments

HSM support for OpenPGP key infrastructure

OpenPGP CA is a tool for managing and certifying OpenPGP keys in organizations. Today, the private key material of OpenPGP CA instances is stored and used locally. This project will add support for two hardened modes of operation: 1) Using a hardware-token OpenPGP Card) based key for the CA, and 2) Split OpenPGP CA deployments, in which critical operations are performed on a highly protected machine (e.g. air-gapped), while regular operation can take place conveniently on an online CA instance.

In addition the project will build an OpenPGP CA based tool for version control signing workflows (e.g. git), with a focus on providing a smooth user experience for signing with OpenPGP card devices.

Logo NLnet: abstract logo of four people seen from above Logo NGI Assure: letterlogo shaped like a tag

This project was funded through the NGI Assure Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 957073.