Yubico Forum

Hi

I'm setting up my own validation service complete with yubiHSM based KSMs. The plan is to use two KSMs, so I'll need a total of 3 yubiHSMs, (I think).

But I'm struggling with the yubiHSM part. I understand that I should use a separate yubiHSM for generating AEADs with only the minimum permissions set.

Section 5.1 from the YubiHSM reference manual states
'In the case above, devices 1-3 will then have the YSM_AEAD_YUBIKEY_OTP_DECODE flag enabled only whereas the device 4 will have any combination of the generation flags set only.'

Which combination should I be setting? So far, I've tried just YSM_BUFFER_AEAD_GENERATE with YSM_BUFFER_LOAD (the flags listed in the first row of the table on page 11, section 2.4 AEAD generation)
But this doesn't seem to be enough. After leaving configuration mode, I've tried generating keys with yhsm-generate-keys, but this fails with
pyhsm.exception.YHSM_CommandFailed: <YHSM_CommandFailed instance at 0x1dc2a00: Command YSM_BUFFER_AEAD_GENERATE failed: YSM_FUNCTION_DISABLED>

I've doubled checked, and the YSM_BUFFER_AEAD_GENERATE is definitely set, so why is it coming back YSM_FUNCTION_DISABLED?

Many thanks for your help,
Alex

Hello,

To generate aeads from user input those two flags are enough, though there's a gotcha in there namely the YSM_USER_NONCE flag. If the key can be supplied outside of the hsm (with YSM_BUFFER_LOAD) YSM_USER_NONCE should definately not be set and --random-nonce must be given to yhsm-generate-keys. To make matters more complicated there's a bug in all released versions of the yhsm-generate-keys script that makes the --random-nonce flag a noop: https://github.com/Yubico/python-pyhsm/ ... 29ff087691

Hopefully this clears things up a bit..

/klas

Hi Klas

Thanks for your help. With the git version, yhsm-generate-keys now works (with the --random-nonce option).
I had actually already tried the --random-nonce option, but was obviously hitting the bug.

Having generated the keys, the next step is to run
yhsm-decrypt-aead --format yubikey-csv /var/cache/yubikey-ksm/aeads --aes-key $AEAD_AES_KEY ?

This generates a csv that can be used for programming the yubikeys.

Isn't it an issue that the aes-key has to be supplied on the commandline?

Or perhaps there is a better way of provisioning our yubikeys (small site ~100 yubikeys)?
I could use the personalization tool to generate keys during the programming of the yubikeys instead? (and then use yhsm-import-keys to create the AEADs?)

I'm finding it all a bit confusing, but am anxious to get it right and not invalid the security.

Thanks,
Alex

Good, one thing out of the way!

The decrypt-aead script should only be run on a disconnected machine, otherwise you have no benefit of generating the keys inside the HSM in the first step.

If you don't want to setup a disconnected station where you decrypt aeads and program the YubiKeys (which is the highest security you get) you could well program the keys first and then import with yhsm-import-keys.

/klas