A few months ago I bought a Raspberry Pi B to experiment with, but sadly my day job as a Ruby developer kept me busy enough that it just sat on the shelf unused until this last weekend. For those not yet in the know, the Raspberry Pi is an excellent little complete computer system on a small circuit board that uses very low power and looks like this:
Its GPIO support means it's especially good for projects involving interoperating with physical devices.
However, I have a different idea for my first project. I intend to configure it as a dedicated offline key management system with OpenPGP (via GnuPG) and an SSL Certificate Authority setup for air-gapped operations! The device appears to have a hardware real random number collector and others have posted projects about wiring up electronics to pick up randomness from the environment, something that regular computers do not typically support.
Maintaining an air gap does not remove all attack risks, but it significantly changes the threat model faced while carrying on primary secret key management practices.
I will keep you all posted on the outcome of this project, but it should be a lot of fun, and a sub-$100 setup capable of managing crypto keys separate from an internet-connected system will be a huge win!