Remote PKCS#11

[Remote PKCS#11 — till 2019]

Setting up an encrypted connection across the internet requires establishing trust between the two endpoints. There are multiple ways to do this, one of which is the use of asymmetric keys. However, in many cases there will not be a suitable hardware crypto device available, and storing crypto credentials in userspace on lots of insecure devices (such as mobile phones) is quite risky. Managing and auditing the usage of those credentials in such a case is a problem. The project entails two innovative ideas to isolate and organise credentials: "Hosted PKCS#11", which allows users to use a trusted remote crypto store instead of a local store (which is of course much easier to audit, assuming that the back end system on which the keys are stored is professionally managed by someone trustworthy), and "Layered PKCS#11", which can downgrade or upgrade identities to roles, groups and other attributes of a user (such as "age").

This project was funded through the Internet Hardening Fund, a fund established by NLnet with financial support from the Netherlands Ministry of Economic Affairs and Climate Policy.
