Cryptographic ID
Attest the trustworthiness of a device using asymmetric cryptography
New in version 0.5.6
- Update dependencies
- Auto-focus message on signing
- Update F-Droid dependencies
Use cases:
- Attest the state of a Linux computer
When your computer is in a trustworthy state, you can generate a private key hidden in the TPM2 of your computer. This private key can be sealed with the current state of the computer (PCRs). Then the computer can only sign a message with this key when it is in the correct state according to the PCRs. For example, you can seal the key against the secure boot state (PCR7). If your computer is booting an operating system signed by another vendor, the TPM2 cannot unseal the private key. So if your computer can generate a correct signature, it is in this known state. You can create a sealed private key and create such a signature with cryptographic-id-rs (https://gitlab.com/cryptographic_id/cryptographic-id-rs). This is similar to tpm2-totp (https://github.com/tpm2-software/tpm2-totp) but uses asymmetric cryptography. This means you do not need to keep the verification code secure. You can share it safely with the world.
- Verify the identity of a phone
You can generate a private key when your phone is in a trustworthy state. If your phone can create a correct signature, you know it is the same phone. Since the operating system can access the private key, the security guarantees are much weaker than with a TPM2. So the verification is only as secure as your phone. If you use GrapheneOS, also have a look at Auditor (https://attestation.app/tutorial).
- Verify that a person is in possession of a private key
This works the same way as the use case above but has the same shortcomings. It can be used to verify someone in person when they send their public key to you in advance over a secure channel.
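The PCR7 sealing described in the first use case can be modelled offline. The following is an added example, not code from cryptographic-id-rs: it follows the TPM 2.0 PolicyPCR digest calculation, assumes the SHA-256 PCR bank and a policy consisting of a single PolicyPCR, and uses constructed measurement strings in place of real Secure Boot events.

```python
import hashlib

TPM_CC_POLICY_PCR = 0x0000017F  # command code from the TPM 2.0 specification
TPM_ALG_SHA256 = 0x000B         # algorithm identifier of the SHA-256 PCR bank

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def extend(pcr: bytes, event: bytes) -> bytes:
    """PCR extend: new = H(old || H(event)). A PCR cannot be written directly."""
    return sha256(pcr + sha256(event))

def replay(events) -> bytes:
    """Replay one boot's measurements into a PCR that starts at all zeros."""
    pcr = bytes(32)
    for event in events:
        pcr = extend(pcr, event)
    return pcr

def pcr_selection(indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION holding one SHA-256 bank entry."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return ((1).to_bytes(4, "big") + TPM_ALG_SHA256.to_bytes(2, "big")
            + bytes([3]) + bytes(bitmap))

def policy_pcr_digest(pcrs: dict) -> bytes:
    """policyDigest after one PolicyPCR on a fresh (all-zero) policy session."""
    indices = sorted(pcrs)
    pcr_digest = sha256(b"".join(pcrs[i] for i in indices))
    return sha256(bytes(32) + TPM_CC_POLICY_PCR.to_bytes(4, "big")
                  + pcr_selection(indices) + pcr_digest)

def may_sign(auth_policy: bytes, current_pcrs: dict) -> bool:
    """The TPM allows use of the key only if the session digest equals authPolicy."""
    return policy_pcr_digest(current_pcrs) == auth_policy

# Constructed measurements standing in for the Secure Boot state measured into PCR7.
TRUSTED_BOOT = [b"SecureBoot=1", b"PK=owner", b"db=vendor-A"]
OTHER_BOOT = [b"SecureBoot=1", b"PK=owner", b"db=vendor-B"]

# Fixed when the key is created while the machine is in the trustworthy state.
AUTH_POLICY = policy_pcr_digest({7: replay(TRUSTED_BOOT)})

if __name__ == "__main__":
    print("trusted boot may sign:", may_sign(AUTH_POLICY, {7: replay(TRUSTED_BOOT)}))
    print("other boot may sign:  ", may_sign(AUTH_POLICY, {7: replay(OTHER_BOOT)}))
```

Because the policy digest is stored in the key and the PCR value can only be reached by replaying the same measurements, a boot chain that differs in any PCR7 event cannot satisfy the policy, which is why a valid signature implies the known state.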
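- License: MIT License
- Issue Tracker
- Source Code
- Build Metadata
- Reproducibility Status
Versions
Although APK downloads are available below, you should be aware that installing this way means you will not receive update notifications, and it is a less secure way to download. We recommend that you install and use the F-Droid client.
Download F-Droid
- arm64-v8a, armeabi-v7a, x86_64. This version requires Android 5.0 or newer.
This package is built and signed by F-Droid, and guaranteed to correspond to this source tarball.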







