Reinhard Buendgen
Reinhard Buendgen studied computer science at the universities of Karlsruhe and Delaware in Newark, DE. In 1991 he earned a Ph.D. in computer science at the University of Tuebingen. Until 1997 he worked at the University of Tuebingen as a researcher and lecturer. He joined IBM in 1997, where he held positions in software development, project management and as software development architect in the areas of parallel computing and RAS & High Availability for Linux on System Z. Currently he is a Senior Technical Staff Member at IBM and the Chief Architect for Confidential Computing & Crypto Enablement for Linux on IBM Z and LinuxONE.
Session
The Linux on IBM Z (s390x) platform provides hardware-backed keys. These so-called protected keys hide the clear keys from the application and even from the operating system, while the platform provides instructions to perform standard cryptographic operations with this key material.
The talk gives a brief introduction to this hardware feature and explains why it was not possible to make use of it in OpenSSL prior to version 3.5.0. The main part of the talk focuses on how the new EVP_SKEY API changes the game and gives insight into the implementation. In summary, the talk gives some arguments for why using hardware-backed keys (via the EVP_SKEY API) increases the security of applications.