June 20, 2021
I'm one of the Google Summer of Code (GSoC 2021) interns contributing to the GNOME Foundation, and I'm working on the libsecret project.
libsecret is a library for storing and retrieving passwords and other secrets. It communicates with the "Secret Service" using DBus - gnome.org
Simply put, libsecret is a credential/secret/password manager. libsecret has a feature that lets you store secrets in a file database, which is simply a file. This file is encrypted, and the key used to encrypt it is derived from the user's login password. This is not an ideal situation, because the entire security of the file database relies on the user's login password. The situation can be improved if the key[s] are protected by hardware, and this is where a TPM comes into play.
Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys - Wikipedia.
If you don't know anything about TPMs, I'd recommend watching the talk "Using the TPM - It's Not Rocket Science (Anymore)" by Johannes Holland and Peter Huewe on YouTube. The TPM is a fantastic tool for everyday cryptographic scenarios, and it's not that hard to use thanks to tpm2-tools. However, talking to a TPM via an API (TPM programming) is not that simple; actually, it's very similar to rocket science :) And there are no books or good developer resources on TPM programming. The lack of programming resources is a frustrating experience. However, the TPM developer community is fantastic; they have been helping me since day one.
In simple terms, my goal is to extend libsecret's current file database encryption/decryption functionality to work with a TPM, so that the TPM handles key generation, wrapping and unwrapping of keys, and key storage. This is very exciting work! Honestly, this was not the case in my early stage of contributing to libsecret: I knew nothing about libsecret, computer security, cryptography or TPMs. Thanks to both my mentors and the upstream TSS (TPM Software Stack) developers, I'm now confidently finding my way around the project. So, thank you Daiki Ueno for guiding me through every step of the way, from my initial contribution to making my final project proposal for GSoC. And thank you Anderson Sasaki for helping me out with my questions every single day. I would also very much like to thank the upstream TSS developers Peter Huewe, Philip Tricca and Andreas Fuchs for helping me out with all things related to TPMs.
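The key lifecycle described above (generation inside the TPM, a wrapped key blob on disk, unwrapping back into the TPM, and encryption of the database with a key that never leaves the chip) as an added tpm2-tools walkthrough; this is example code, not libsecret's implementation, and it assumes tpm2-tools 4.x or later plus a TPM or swtpm simulator reachable through the TPM2TOOLS_TCTI environment variable.

```shell
#!/bin/sh
# Added example (not libsecret code): the TPM-backed key lifecycle the
# post describes, done with tpm2-tools. Assumes tpm2-tools 4.x+ and a
# TPM or swtpm simulator selected via TPM2TOOLS_TCTI
# (e.g. TPM2TOOLS_TCTI="swtpm:port=2321").

tpm_wrapped_key_roundtrip() {
    if ! command -v tpm2_create >/dev/null 2>&1; then
        echo "skipped"          # no tpm2-tools on this host
        return 0
    fi
    workdir=$(mktemp -d) || return 1
    # Constructed sample secret standing in for a libsecret file database.
    printf 'hello libsecret\n' > "$workdir/db.plain"

    # 1. Key generation: a storage primary key in the owner hierarchy.
    tpm2_createprimary -Q -C o -c "$workdir/primary.ctx" || return 1
    # 2. Wrapping: an AES key created under the primary. key.priv is
    #    returned encrypted under the parent, so the blob on disk is
    #    useless without this particular TPM.
    tpm2_create -Q -C "$workdir/primary.ctx" -G aes \
        -u "$workdir/key.pub" -r "$workdir/key.priv" || return 1
    # 3. Unwrapping: load the wrapped blob back into the TPM.
    tpm2_load -Q -C "$workdir/primary.ctx" -u "$workdir/key.pub" \
        -r "$workdir/key.priv" -c "$workdir/key.ctx" || return 1
    # 4. Use the key inside the TPM to encrypt, then decrypt, the database.
    tpm2_encryptdecrypt -Q -c "$workdir/key.ctx" \
        -o "$workdir/db.enc" "$workdir/db.plain" || return 1
    tpm2_encryptdecrypt -Q -d -c "$workdir/key.ctx" \
        -o "$workdir/db.dec" "$workdir/db.enc" || return 1
    # Free the transient objects; key.pub/key.priv are the durable storage
    # (tpm2_evictcontrol could pin the key to a persistent handle instead).
    tpm2_flushcontext -t >/dev/null 2>&1

    if cmp -s "$workdir/db.plain" "$workdir/db.dec"; then
        rm -rf "$workdir"; echo "ok"; return 0
    fi
    rm -rf "$workdir"; echo "mismatch"; return 1
}

tpm_wrapped_key_roundtrip
```

The point to notice is that the plaintext key material only ever exists inside the TPM; what reaches the filesystem is the parent-encrypted key.priv, which replaces the password-derived key as the root of the file database's protection.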
Stay tuned for my next blog post, "Hello World TPM!".