This is a Multi-Party Computation (MPC) system prototype which provides distributed RSA key management (key pair creation and signing operations; it could be extended to decryption as well). It is based on Atle Mauland's work, which integrates a distributed RSA protocol into the VIFF code base (VIFF is a Python framework for MPC).
- VIFF: Virtual Ideal Functionality Framework
The objective of this contribution is to provide a test environment which can be easily deployed, emulating a cloud server architecture that offers a service to clients. A client entity (a single user or a domain) can use the key management service through an orchestrator element. Thanks to the properties of MPC, the key management service acts as a virtual Hardware Security Module: the private key is shared among the servers and no single server ever holds it whole.
The system architecture is built on three tiers. At the top are the servers (nodes), which have a flat design, meaning they do not implement the logic that makes the system work. That logic is the orchestrator's job, on the second tier: it translates client requests and coordinates the servers, and the servers use the information provided by the orchestrator to start an MPC operation. Clients, on the third tier, are thought of abstractly, meaning they can perform any desired operation against the service.
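The following is an added illustration of what "the servers sign without any of them holding the private key" means; it is not the prototype's code and not the VIFF protocol. It assumes a simplified model: a trusted dealer splits the RSA private exponent d into n additive shares (d = d_1 + ... + d_n mod phi(N)), each node computes a partial signature em^{d_i} mod N on the PKCS#1 v1.5 encoded message, and the combiner multiplies the partials. The prototype instead creates the key pair distributedly, so no dealer ever knows d; that step is out of scope here. Key size, party count and the message bytes are constructed for the example.

```python
"""Toy n-of-n threshold RSA signing with an additively shared private exponent.

Added example for this README (assumed, simplified model with a trusted dealer);
it is not the prototype's own code nor the VIFF protocol.
"""
from __future__ import annotations

import hashlib
import math
import random

# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    """Random odd prime with the top bit set (toy sizes only)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def gen_rsa_key(bits: int, rng: random.Random, e: int = 65537):
    """Dealer-side key generation (the prototype does this distributedly). Returns (n, e, d, phi)."""
    while True:
        p, q = gen_prime(bits // 2, rng), gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi), phi


def split_exponent(d: int, phi: int, parties: int, rng: random.Random) -> list[int]:
    """Additive n-of-n sharing: the shares sum to d modulo phi.

    Every proper subset of shares is uniformly random in [0, phi), so any
    group of fewer than n nodes learns nothing about d.
    """
    shares = [rng.randrange(phi) for _ in range(parties - 1)]
    shares.append((d - sum(shares)) % phi)
    return shares


def emsa_pkcs1_v15(message: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too small for this encoding")
    return int.from_bytes(b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t, "big")


def partial_sign(em: int, share: int, n: int) -> int:
    """One node's contribution; the node only ever sees its own share."""
    return pow(em, share, n)


def combine(partials: list[int], n: int) -> int:
    """Combiner side: prod em^{d_i} = em^{sum d_i} = em^{d + t*phi} = em^d (mod n)."""
    sig = 1
    for s in partials:
        sig = sig * s % n
    return sig


def verify(sig: int, em: int, n: int, e: int) -> bool:
    """Standard RSA verification; the combined signature is an ordinary RSA signature."""
    return pow(sig, e, n) == em


def demo(parties: int = 5, bits: int = 512, seed: int = 1) -> tuple[bool, bool]:
    """Returns (all shares combine to a valid signature, n-1 shares do)."""
    rng = random.Random(seed)
    n, e, d, phi = gen_rsa_key(bits, rng)
    shares = split_exponent(d, phi, parties, rng)
    em = emsa_pkcs1_v15(b"constructed CSR bytes", (n.bit_length() + 7) // 8)
    partials = [partial_sign(em, s, n) for s in shares]
    full = verify(combine(partials, n), em, n, e)
    missing_one = verify(combine(partials[:-1], n), em, n, e)
    return full, missing_one


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The second value of `demo()` shows the threshold property in the simplest form: dropping even one node's partial signature leaves a value that fails verification, since the exponent is then off by that node's share. Real threshold RSA schemes add k-of-n reconstruction and proofs that each partial is well formed; this example has neither and exists only to make the "virtual HSM" idea concrete.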
An example client has been developed for certificate signing operations, using the certbuilder Python library:
- Create the network:
docker network create --subnet 10.10.10.0/24 rsa-net
- (Optional, after code changes) Rebuild the images:
docker build -t node ./node
docker build -t orchestrator ./orchestrator
- Run the compose file (the node scale can be any value between 3 and 9):
docker-compose up --scale node=5
- Configure the nodes:
python config_nodes.py
- Build and run the client:
docker build -t client ./client
docker run -it --network rsa-net client
- Client actions (run inside the client container; replace keyId with the identifier of the key to sign with):
python /certbuilder/client_newKey.py
python /certbuilder/client_buildCert.py keyId