Cryptoucan™ usage: privileged operations

Written by Dominik Joe Pantůček on 2018-07-19

cryptoucan

Last time we have shown you some basic Cryptoucan™ usage. Read on to learn something about the administrator access to Cryptoucan™ and see how the device can be used for performing some privileged operations like key generation or user PIN reset.


As you will see, there is only a slight difference between using your Cryptoucan™ for day-to-day operations[1] and performing higher-privilege tasks. It has to be stressed that when trying to enter the privileged mode, failure to do it correctly may end up with losing all cryptographic keys. This is a necessary measure to prevent unauthorized users gaining access to the secret material.

Of course, if you are here just to see the video - here we go!

Picture 1: danger ahead. Two typical operations that require you to authorize yourself with your administrative PIN are the generation of new cryptographic keys which you perform as a part of the device initialization and re-setting the user PIN in case you forget it or fail to enter it correctly more than allowed number of times. In both cases, Cryptoucan™ will prompt you to enter the administrative PIN by lighting the red number three on the left hand side - that is because from privilege separation perspective, this is PIN 3. If you have three or more attempts to enter this PIN left, the green happy face will be lit on the right hand side as can be seen in Picture 2.

Picture 2: entering PIN3 with three or more attempts left. And again - if you have only two attempts left, the yellow neutral face will be lit on the right hand side which can be seen in Picture 3.

Picture 3: Only two attempts remaining. A word of warning should be said in advance. When the red sad face is shining on the right hand side, you are just one wrong PIN entry from losing your keys. The situation can be seen in Picture 4 and Cryptoucan™ has been programmed to ensure that if this happens, the keys are lost forever and cannot be restored. This decision comes from the security model[2][3] of Cryptoucan™ and we will talk about that more in the future.

Picture 4: Last administrative PIN attempt. Basic privileged operations with Cryptoucan™ are depicted in Video 1 below. This is our way of showing that we are really getting close to releasing Cryptoucan™ for general availability - but bear with us, we are not there yet!

Video 1: Administrative tasks with Cryptoucan™  

Thank you for following our Cryptoucan™ development and release process, we will bring you more information next Thursday as usual. Also feel free to subscribe to our YouTube channel[4] and follow us on Twitter[5] to receive the latest updates. Stay tuned!


References

  1. https://trustica.cz/en/2018/07/12/cryptoucan-usage-basic-operations/

  2. https://trustica.cz/en/2018/06/21/cryptoucan-development-a-look-under-the-hood/

  3. https://trustica.cz/en/category/ecc/

  4. https://www.youtube.com/channel/UC-RuV9nXyysbH0kB4pVqZTg

  5. https://twitter.com/trusticacz