Cryptographic ID
10+
Téléchargements
Tout public
info
À propos de l'application
- Attest the state of a Linux computer
This app can verify signatures made with cryptographic-id-rs. When your computer is in a trustworthy state, you can generate a private key hidden in the TPM2 of your computer. This private key can be sealed with the current state of the computer (PCRs). Then the computer can only sign a message with this key when it is in the correct state according to the PCRs. For example, you can seal the key against the secure boot state (PCR7). If your computer is booting an operating system signed by another vendor, the TPM2 cannot unseal the private key. So if your computer can generate a correct signature, it is in this known state. This is similar to tpm2-totp but uses asymmetric cryptography. This means you do not need to keep the verification code a secret, but you can share it safely with the world.
- Verify the identity of a phone
You can generate a private key when your phone is in a trustworthy state. If your phone can create a correct signature, you know it is the same phone. Since the operating system can access the private key, the security guarantees are much weaker than with a TPM2. So the verification is just as secure as your phone. If you use Graphene OS, I recommend Auditor instead.
- Verify that a person is in possession of a private key
This works as the section above and has the same shortcomings. It can be used to verify someone in person when he sends his public key to you in advance.
This app can verify signatures made with cryptographic-id-rs. When your computer is in a trustworthy state, you can generate a private key hidden in the TPM2 of your computer. This private key can be sealed with the current state of the computer (PCRs). Then the computer can only sign a message with this key when it is in the correct state according to the PCRs. For example, you can seal the key against the secure boot state (PCR7). If your computer is booting an operating system signed by another vendor, the TPM2 cannot unseal the private key. So if your computer can generate a correct signature, it is in this known state. This is similar to tpm2-totp but uses asymmetric cryptography. This means you do not need to keep the verification code a secret, but you can share it safely with the world.
- Verify the identity of a phone
You can generate a private key when your phone is in a trustworthy state. If your phone can create a correct signature, you know it is the same phone. Since the operating system can access the private key, the security guarantees are much weaker than with a TPM2. So the verification is just as secure as your phone. If you use Graphene OS, I recommend Auditor instead.
- Verify that a person is in possession of a private key
This works as the section above and has the same shortcomings. It can be used to verify someone in person when he sends his public key to you in advance.
Date de mise à jour
La sécurité, c'est d'abord comprendre comment les développeurs collectent et partagent vos données. Les pratiques concernant leur confidentialité et leur protection peuvent varier selon votre utilisation, votre région et votre âge. Le développeur a fourni ces informations et peut les modifier ultérieurement.
Aucune donnée partagée avec des tiers
En savoir plus sur la manière dont les développeurs déclarent le partage
Aucune donnée collectée
En savoir plus sur la manière dont les développeurs déclarent la collecte
Nouveautés
- Update dependencies
- Auto-focus message on signing
- Update F-Droid dependencies
- Auto-focus message on signing
- Update F-Droid dependencies
Assistance de l'appli
À propos du développeur
Simon Brand
simon.brand@postadigitale.de
Germany
undefined
