Holger Dengler
- Opensource Developer @ IBM
- Nominated community member for OpenSSL platform linux64-s390x
- Linux Kernel co-Maintainer for crypto-related stuff for s390 architecture
Session
10-09
13:30
40min
Exploiting hardware-backed keys with the new EVP_SKEY API
Holger Dengler, Reinhard Buendgen
The Linux on IBM Z (s390x) platform provides hardware-backed keys. These so called protected keys hide the clear keys from the Application and even the Operating System, while the platform provides instructions to do standard cryptographic operations with this key material.
The talk gives a brief introduction to this Hardware feature and why it was not possible to exploit it in OpenSSL prior to version 3.5.0. The main part of the talk will focus on how the new EVP_SKEY API changes the game and gives an insight to the implementation. As a summary, the talk gives some arguments why using hardware-backed keys (via the EVP_SKEY API) increases the security of applications.
Technical Deep Dive & Innovation
Krakow/ Business Value & Enterprise Adoption