Internal Key Usage and Attack Defense
- The ECM provides internal keys generated using the management tool or the management APIs. When an asymmetric key is generated, a password must be configured for it and the CA paths that are allowed to access that key index must be set. If no access path is configured for a key index, SDF_GetPrivateKeyAccessRight returns error code SDR_PRKRERR for that index.
- The cryptographic module complies with GM/T 0018-2012. The SDF APIs are called by the cryptographic device service layer, not directly by users. The cryptographic device service layer calls the management tool to generate internal keys and to configure the CA paths that can access them. Normally, a SDF_GetPrivateKeyAccessRight call from the service layer therefore fails neither on an incorrect password nor on an unconfigured access path.
- Brute-force defense: the cryptographic module counts, per CA, the number of consecutive incorrect passwords supplied to SDF_GetPrivateKeyAccessRight (a successful call resets the count, since only consecutive failures are counted). If an attacker in the isolated environment tries to brute-force a key password by calling SDF_GetPrivateKeyAccessRight repeatedly and the count exceeds 100, the module deletes that CA path from the key file of the corresponding key index and prints the event to its log. From then on, every SDF_GetPrivateKeyAccessRight call from that CA on that index returns SDR_PRKRERR, whatever password is supplied.
- Impact: if the attacker calls the API using the CA path of the cryptographic device service layer, the deletion also locks out the service layer, which may become unavailable. The lockout is thus also a denial-of-service vector, so the administrator must exclude the attacker before restoring the path; otherwise the path is simply deleted again.
- Detection and recovery: because the cryptographic device service layer normally supplies the correct password, an SDR_PRKRERR returned by SDF_GetPrivateKeyAccessRight indicates that its access path is missing and that a brute-force attack may be in progress. The administrator checks the TEE logs of the cryptographic module to confirm that an access path was deleted because of an attack. After confirming that the environment is secure, the administrator runs the management tool to reconfigure the key access path of the corresponding index, which restores normal operation of the cryptographic device service layer.
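The lockout and the service-layer check described above, as an added example that is not the cryptographic module's or the service layer's own code: a self-contained C model of the per-CA counter of consecutive wrong passwords, the deletion of the CA path once the count exceeds 100, the SDR_PRKRERR the service layer then sees, and the administrator's reconfiguration that restores access. The SDF_GetPrivateKeyAccessRight signature follows GM/T 0018-2012; the SDR_PRKRERR value (SDR_BASE + 0x18), the Session and MockModule layouts, the mgmt_set_access_path helper, and the sample password and paths are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Error codes as in GM/T 0018-2012 sdf.h. The SDR_PRKRERR offset is quoted
 * from memory (assumption): check the real header before relying on it. */
#define SDR_OK      0x00000000
#define SDR_BASE    0x01000000
#define SDR_PRKRERR (SDR_BASE + 0x18) /* private key access right not obtained */
#define MAX_KEYS          4
#define MAX_CA_PATHS      4
#define MAX_STR           64
#define LOCKOUT_THRESHOLD 100 /* CA path deleted once consecutive failures exceed this */

typedef struct { int in_use; char path[MAX_STR]; unsigned int fail_count; } CaEntry;
typedef struct { char password[MAX_STR]; CaEntry ca[MAX_CA_PATHS]; } KeySlot;
typedef struct { KeySlot keys[MAX_KEYS]; } MockModule;
/* Hypothetical session object: the module binds it to the caller's CA path. */
typedef struct { MockModule *module; char caller[MAX_STR]; } Session;

static CaEntry *find_ca(KeySlot *k, const char *path)
{
    for (int i = 0; i < MAX_CA_PATHS; i++)
        if (k->ca[i].in_use && strcmp(k->ca[i].path, path) == 0)
            return &k->ca[i];
    return NULL;
}

/* Constant-time compare so the check itself leaks nothing about the password. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Management tool (hypothetical): set the key password and grant one CA path.
 * The administrator runs the same step to restore a path deleted by the lockout. */
int mgmt_set_access_path(MockModule *m, unsigned int idx, const char *pwd, const char *path)
{
    if (idx >= MAX_KEYS || strlen(pwd) >= MAX_STR || strlen(path) >= MAX_STR) return -1;
    KeySlot *k = &m->keys[idx];
    strcpy(k->password, pwd);
    CaEntry *e = find_ca(k, path);
    for (int i = 0; e == NULL && i < MAX_CA_PATHS; i++)
        if (!k->ca[i].in_use) e = &k->ca[i];
    if (e == NULL) return -1;
    e->in_use = 1;
    e->fail_count = 0;
    strcpy(e->path, path);
    return 0;
}

/* Mock of the GM/T 0018-2012 call with the lockout policy described above. */
int SDF_GetPrivateKeyAccessRight(void *hSessionHandle, unsigned int uiKeyIndex,
                                 unsigned char *pucPassword, unsigned int uiPwdLength)
{
    Session *s = (Session *)hSessionHandle;
    if (uiKeyIndex >= MAX_KEYS) return SDR_PRKRERR;
    KeySlot *k = &s->module->keys[uiKeyIndex];
    CaEntry *ca = find_ca(k, s->caller);
    if (ca == NULL) return SDR_PRKRERR; /* path never configured for this CA, or deleted */
    if (uiPwdLength == strlen(k->password) &&
        ct_equal(pucPassword, (const unsigned char *)k->password, uiPwdLength)) {
        ca->fail_count = 0; /* only consecutive failures are counted */
        return SDR_OK;
    }
    if (++ca->fail_count > LOCKOUT_THRESHOLD) {
        fprintf(stderr, "TEE log: key index %u: CA path %s deleted after %u consecutive "
                        "wrong passwords\n", uiKeyIndex, ca->path, ca->fail_count);
        ca->in_use = 0; /* delete the CA path from this key index */
    }
    return SDR_PRKRERR; /* wrong password; same code assumed, GM/T 0018 defines no finer one */
}

/* Service-layer probe: the service layer normally holds the correct password, so
 * SDR_PRKRERR means its access path is missing, i.e. a suspected brute-force lockout.
 * Returns 1 when the administrator should check the TEE logs, 0 otherwise. */
int service_layer_suspects_attack(Session *s, unsigned int idx, const char *pwd)
{
    int rc = SDF_GetPrivateKeyAccessRight(s, idx, (unsigned char *)pwd, (unsigned int)strlen(pwd));
    if (rc == SDR_PRKRERR)
        fprintf(stderr, "service layer: SDR_PRKRERR on key %u, check TEE logs and "
                        "reconfigure the access path\n", idx);
    return rc == SDR_PRKRERR;
}

int main(void)
{
    MockModule m = {0};
    mgmt_set_access_path(&m, 1, "s3cret-pwd", "/service/ca"); /* constructed sample values */
    Session svc = { &m, "/service/ca" }; /* legitimate service layer */
    Session atk = { &m, "/service/ca" }; /* attacker reusing the service layer's CA path */
    for (int i = 0; i < 101; i++) /* the 101st failure exceeds the threshold */
        SDF_GetPrivateKeyAccessRight(&atk, 1, (unsigned char *)"guess", 5);
    printf("attack suspected: %d\n", service_layer_suspects_attack(&svc, 1, "s3cret-pwd"));
    mgmt_set_access_path(&m, 1, "s3cret-pwd", "/service/ca"); /* administrator restores the path */
    printf("after restore: %d\n", service_layer_suspects_attack(&svc, 1, "s3cret-pwd"));
    return 0;
}
```

Two details of the model matter in practice: the counter is per CA path and per key index, so a success from the service layer resets it, and the 101st consecutive failure, not the 100th, triggers the deletion. The attacker and the service layer share a CA path here precisely to show why the lockout can take the service layer down with it, and why reconfiguring the path before the attacker is removed only invites a repeat.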