Is it possible to read decrypted key?

CristianM · September 28, 2018, 10:13am

Hello! As I understood:

initramfs presents the locked LUKS key to Zymkey
Zymkey validates the signature and decrypts the key
The decrypted key is presented to LUKS and the root file system is then decrypted

Isn’t it possible to read the decrypted key by using a logic analyzer on the I2C lines between the Zymkey and Raspberry Pi? Is there any protection implemented against this type of attack?

Scott_of_Zymbit · September 28, 2018, 8:24pm

Hi @CristianM,

All traffic on the i2c bus between the RPi and the Zymkey is encrypted and signed. So, the decrypted key can’t be read out from the i2c bus. The key exchange is carried out with ECDH within sessions that are finite in duration.

Topic		Replies	Views
Zymkey and LUKS sniff attack? Encrypting File System	2	607	October 5, 2021
Read-only LUKS encrypted root filesystem, possible? ZYMKEY4	3	1287	June 13, 2019
Security of disk encryption key ZYMKEY4	1	1261	March 18, 2019
Both encrypted and not? ZYMKEY4	3	946	May 23, 2018
Ask for block cipher AES ZYMKEY4	3	752	June 5, 2020

Is it possible to read decrypted key?

Related topics