2019: The year of Cryptoucan™

Written by Dominik Joe Pantůček on 2019-02-07

As the mass production process of Cryptoucan™ has started, we should also look into the future of our new security token. Read on to find out what we are about to deliver this year!


Firstly, let us see what we have so far. The final revision of the PCB[1] and components is done. The process of overmolding is perfected[2] and the surface finish - including laser engraving[3] - is also ready. But that is not all.

The firmware already supports all the features we need: securely generating the secret keys[4], creating digital signatures[5], deriving the session key for message decryption[6] and challenge-signature authentication. All this functionality is available in the most important software right now. On both Linux-based systems and the Windows operating system, the device works and the installation requires just a few easy steps. Support for digitally signing and encrypting emails is available in Mozilla Thunderbird (using the Enigmail extension) and in Microsoft Outlook[7] (using GPGOL) as well.

Remote authentication is available on both platforms, using gpg-agent as ssh-agent[8] for the ssh client on UNIX-like systems and PuTTY on Windows. Server-side support in SSH is available on all recent (last few years) platforms.

And secondly, there are many things we want to use Cryptoucan™ for. It is just a matter of adding support to the software. No changes will be needed in Cryptoucan™ itself.

Our plans for 2019 include adding support for disk encryption using both LUKS and VeraCrypt. No longer will you need to use a passphrase to unlock your key slots. They will be locked by Cryptoucan™! Local authentication is also moving away from the username/password combination to more advanced methods. Using a cryptographic token that handles unlocking the keys outside of the computer and authenticates the user to the system is definitely one of those.

This means PAM support on Linux-based systems and authentication provider support on Microsoft Windows.

Allowing customers to easily design and implement the key management that suits their needs is another area where we want to improve the users' experience. With X.509 certificates and certificate authorities, there is only one way to implement certificate management. But key discovery, trust anchoring and key revocation can be designed in many ways, and for each security policy a company needs there is a solution using Cryptoucan™ without any compromises.

And of course, we are already looking farther in the future. So stay tuned and come back next week to learn more!


References

  1. https://trustica.cz/en/2018/06/21/cryptoucan-development-a-look-under-the-hood/

  2. https://trustica.cz/en/2018/06/28/cryptoucan-development-design-of-the-device-shell/

  3. https://trustica.cz/en/2018/11/15/cryptoucan-laser-engraving-revisited/

  4. https://trustica.cz/en/2018/07/26/cryptoucan-usage-initialization/

  5. https://trustica.cz/en/2018/08/16/cryptoucan-usage-signing-emails/

  6. https://trustica.cz/en/2018/09/13/key-management-introduction/

  7. https://trustica.cz/en/2018/12/13/cryptoucan-on-windows/

  8. https://trustica.cz/en/2018/09/06/cryptoucan-usage-ssh-authentication/