This open-source personal crypto-key vault wants two things: To make the web safer … and your donations

An open-source hardware project aimed at making the internet "a little bit safer" needs an influx of cash to continue its work.

The Cryptech effort was created following revelations from NSA whistleblower Edward Snowden that the US government and its pals are exploiting standards and weak crypto algorithms to gain access to citizens' private correspondence and documents.

In response, a group of engineers decided there needed to be an open-source hardware engine that could provide strong and reliable encryption and decryption for email, plus public-private key cryptography for all sorts of things from digitally signing messages and files to DNSSEC.

"Recent revelations have called into question the integrity of some of the implementations of basic cryptographic functions and devices used to secure communications on the Internet," the team wrote earlier this year.

"There are serious questions about algorithms and about implementations of those algorithms in software and particularly hardware.

"The algorithmic issues are in the domain of the heavy math cryptography folk. But we must also deal with the implementation issues. We therefore are embarking on development of an open-source hardware cryptographic engine that meets the needs of high-assurance internet infrastructure systems that use cryptography.

"The open-source hardware cryptographic engine must be of general use to the broad internet community, covering needs such as secure email, web, DNS, PKIs, etc."

Cryptech's goal is to develop an inexpensive ARM-powered Hardware Security Module (HSM) that can store cryptokeys and act as a signing engine to establish the authenticity of digital content.

The idea is you store a secret key in the module, which is designed to never intentionally (and, ideally, never accidentally) disclose that key. Rather, you tell the module to, for example, sign some data using that secret key; people can use your public key and that signature to verify that particular data really came from you, and has not been tampered with in transit.

The Cryptech HSM will use USB to communicate with your computer. To keep attacks on the USB controller from spreading to the HSM's CPU, the USB connection is terminated at the on-board single-purpose controller chip, which passes commands and data to the CPU, and receives replies from it, over a serial bus. This means that even if you're able to compromise the USB chip, you can't directly access the main processor's memory to extract the secret keys.
