The CrypTech project has just completed a successful two-day workshop in advance of IETF 96 in Berlin that gathered the core development team and a select group of alpha testers to put the alpha board through its paces. CrypTech is “an open hardware cryptographic engine that meets the needs of high assurance Internet infrastructure systems that rely on cryptography.” The workshop was very successful, with the general consensus being that CrypTech has arrived! The team has produced a working prototype based on an open hardware and software design. A few bugs were fixed and potential improvements were identified, but as one of the participants stated, there was no grey smoke!
All of the details of the workshop are available on the CrypTech wiki (https://trac.cryptech.is/wiki/BerlinWorkshop), including the presentations and a few pictures. The presentations include overviews of: 1) the hardware architecture; 2) the Field Programmable Gate Array (FPGA) design; 3) the Hardware Security Module (HSM) software architecture, command line interface (CLI), and remote procedure call (RPC) mechanism; and 4) the client-side software and how to configure the board. This set of presentations provides an excellent overview of the design principles and decisions made during the course of the effort.
The workshop participants spent their time installing and configuring their alpha devices and testing DNSSEC signing using OpenDNSSEC and the CrypTech device. As expected, there were a few bugs to be addressed. In addition, key areas for improvement included feature completeness, performance optimization, and the addition of a battery backup. The overall trust model of open source and transparent code development was discussed, and additional potential use cases for the design were explored.
Additional alpha testers are encouraged and welcome. A limited supply of the alpha product is available through Crowd Supply (https://www.crowdsupply.com/cryptech/open-hardware-security-module).