|
Packit |
8681c6 |
PKCS#11 TOKEN DATA
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
As PKCS#11 apps create token objects, openCryptoki stores them by default in
|
|
Packit |
8681c6 |
/var/lib/opencryptoki, in a token-specific subdirectory. Each object is stored
|
|
Packit |
8681c6 |
in its own file and given a unique name that is never reused. Each object is
|
|
Packit |
8681c6 |
stored in a binary format that gives openCryptoki the ability to check for
|
|
Packit |
8681c6 |
corruption when reading in the object into memory.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
DATA CORRUPTION
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
If corrupted token data is detected by openCryptoki, the name and location on
|
|
Packit |
8681c6 |
disk of the corrupted data is logged to syslog. You'll notice a message
|
|
Packit |
8681c6 |
something like one of the following:
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
Aug 30 16:46:00 host openCryptoki[14491]: Cannot restore token object /var/lib/opencryptoki/swtok/TOK_OBJ/WJ000000 (ignoring it)
|
|
Packit |
8681c6 |
Aug 30 16:46:00 host openCryptoki[14491]: Cannot malloc 4294967290 bytes to read in token object /var/lib/opencryptoki/swtok/TOK_OBJ/WJ000000 (ignoring it)
|
|
Packit |
8681c6 |
Aug 30 16:46:00 host openCryptoki[14491]: Token object /var/lib/opencryptoki/swtok/TOK_OBJ/WJ000000
|
|
Packit |
8681c6 |
appears corrupted (ignoring it)
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
This means that something about the object has changed in such a way that makes
|
|
Packit |
8681c6 |
openCryptoki unable or unwilling to process it.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
BACKING UP TOKEN DATA
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
The only way to recover from corrupted token data is to maintain backups. An
|
|
Packit |
8681c6 |
admin can schedule a repeating backup of /var/lib/opencryptoki to ensure token
|
|
Packit |
8681c6 |
data can be restored if it becomes corrupted. Token data can be restored
|
|
Packit |
8681c6 |
file-by-file (for instance, copying a backup of the WJ000000 file into the
|
|
Packit |
8681c6 |
/var/lib/opencryptoki/swtok/TOK_OBJ/ directory to use the example log entries
|
|
Packit |
8681c6 |
above), or the entire token data store can be restored from backup at once.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
Note that NVTOK.DAT, MK_SO and MK_USER store additional state for the token and
|
|
Packit |
8681c6 |
are dependent on the SO and USER PIN state at the time the backup was made. If
|
|
Packit |
8681c6 |
you've changed your SO or USER PINs since the last backup and then restore these
|
|
Packit |
8681c6 |
files, it will essentially roll back the PINs to their prior values.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
THE TPM TOKEN
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
The TPM token is slightly different than the other tokens, in that it stores
|
|
Packit |
8681c6 |
its token data in a subdirectory for each user who runs a PKCS#11 app. The
|
|
Packit |
8681c6 |
subdirectory is the user ID of the user executing the app, such as:
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/var/lib/opencryptoki/tpm/${USER}
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
This data is not readable by other users accessing the TPM token, unlike other
|
|
Packit |
8681c6 |
openCryptoki tokens, where all apps who know the SO or USER PIN can access all
|
|
Packit |
8681c6 |
public or private token data objects respectively.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
Keys and data generated on the TPM token will have as a parent a migratable TPM
|
|
Packit |
8681c6 |
key whose parent is an openssl-generated software key wrapped by the TPM's
|
|
Packit |
8681c6 |
Storage Root Key. These two parent keys will be unique per user of the TPM token
|
|
Packit |
8681c6 |
and so must be backed up separately.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
The wrapped openssl keys are generated by openCryptoki as part of initializing
|
|
Packit |
8681c6 |
the token, and are stored encrypted by an AES-256 key based on the SO and USER
|
|
Packit |
8681c6 |
PINs, then stored as:
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
/var/lib/opencryptoki/tpm/${USER}/PRIVATE_ROOT_KEY.pem
|
|
Packit |
8681c6 |
/var/lib/opencryptoki/tpm/${USER}/PUBLIC_ROOT_KEY.pem
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
Keep in mind these are software keys encrypted by the SO and USER PINs, which
|
|
Packit |
8681c6 |
means that they'll be vulnerable to brute force attacks on their passwords if an
|
|
Packit |
8681c6 |
attacker gets access to them. These are the only keys vulnerable to brute force
|
|
Packit |
8681c6 |
attacks in the TPM token -- all others are protected by the TPM's dictionary
|
|
Packit |
8681c6 |
attack prevention algorithms.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
If you choose not to move these keys off disk for backup, they will be
|
|
Packit |
8681c6 |
re-wrapped each time the USER or SO PIN changes, to stay in sync with the
|
|
Packit |
8681c6 |
current USER or SO PIN.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
If these keys are moved off disk for backup, be sure to remember the SO and
|
|
Packit |
8681c6 |
USER PINs at the time they were removed from disk. If your TPM hardware fails
|
|
Packit |
8681c6 |
and you're forced to migrate to a new TPM, the PINs set at the time you backed
|
|
Packit |
8681c6 |
them up will be required to decrypt them and restore your TPM key hierarchy.
|
|
Packit |
8681c6 |
|
|
Packit |
8681c6 |
To restore your token data on a new TPM, just make sure all token data is
|
|
Packit |
8681c6 |
installed in the /var/lib/opencryptoki/tpm/${USER} directory and that the 2 pem
|
|
Packit |
8681c6 |
files and NVTOK.DAT are present. When you log in, the TPM key load operation
|
|
Packit |
8681c6 |
will fail, since the new TPM's Storage Root Key is different. openCryptoki will
|
|
Packit |
8681c6 |
detect this condition, then unwrap the appropriate pem file using the supplied
|
|
Packit |
8681c6 |
PIN and re-wrap it to the new Storage Root Key. All token data should then be
|
|
Packit |
8681c6 |
available on the TPM. At this point you can remove the pem files from disk again
|
|
Packit |
8681c6 |
for backup - they aren't used during normal operation of the token, except as we
|
|
Packit |
8681c6 |
mentioned above, to have their passwords updated each time the USER or SO PIN
|
|
Packit |
8681c6 |
changes.
|