Sound Key crowdfunder gets under way
Tuesday 17 November 2015
Digital signatures are becoming more popular. So is stealing them. Roberto Capodieci has a solution.
Digital signatures are already used for plenty of applications. People use PGP to prove they wrote a message; they use RSA keys to authenticate a Linux session. And, of course, a private key is required to sign any cryptocurrency transaction.
It’s pretty simple in theory, though the maths is a little more complex. You take a very long number - long enough that no computer in the world will ever guess it. That’s your secret key. From that is calculated a public key, which is a digital identifier. Your public key represents you online. Some clever maths ensures that although it’s trivial to produce the public key from the private one, doing the opposite is a non-starter.
Now, messages and transactions can be ‘signed’ using your secret key and, thanks to some more clever maths, anyone can see these are linked to your public key. The maths is rock-solid, but a chain is only as strong as its weakest link. If someone else acquires your private key, they can sign on your behalf. Many devices expose the secret key at the point of signing, making it vulnerable to being snaffled by spyware.
Shiny, secure, simple: the Sound Key
The Sound Key is one of a number of solutions to this issue. Its designer, Roberto Capodieci, was the victim of key-theft 18 months ago. The device stores your keys securely and offline, and uses them to sign documents or blockchain transactions without exposing them to the web and its host of thieving gremlins.
It’s neat and simple. The Sound Key connects to a computer or phone through the headset port (hence the name). Unsigned transaction data is sent to the Sound Key through this port. When you’ve checked the data is correct on the Sound Key’s display, you type in your password and your transaction is signed. It’s then sent back to your device through the audio port. There is no point at which the secret key leaves the Sound Key or is exposed.
Roberto has built a prototype, and is now raising funds via an Indiegogo campaign to roll it out properly. The thinking is that in a few years, these devices will be as ubiquitous as the little card readers banks send you to verify a card transaction - and even more important for security.