From 220200d2ac386ef35fe0e696d1805cb13c17bfe5 Mon Sep 17 00:00:00 2001 
From: Charles Desbiens Date: Mon, 23 Sep 2024 20:35:23 -0400 Subject: [PATCH 1/3] add onprem appliance page --- content/_index.md | 5 +- content/eaas/appliance/_index.md | 215 ++++ docs/404.html | 16 +- docs/categories/index.html | 78 +- docs/categories/index.xml | 5 +- docs/concepts/entropy-projection/index.html | 78 +- docs/concepts/entropy-projection/index.xml | 5 +- docs/concepts/index.html | 78 +- docs/concepts/index.xml | 5 +- .../key-generation-architecture/index.html | 82 +- .../key-generation-architecture/index.xml | 5 +- docs/concepts/otp/index.html | 84 +- docs/concepts/otp/index.xml | 5 +- docs/eaas/appliance/index.html | 1119 +++++++++++++++++ docs/eaas/appliance/index.xml | 11 + docs/eaas/index.html | 78 +- docs/eaas/index.xml | 5 +- docs/eaas/nist/index.html | 78 +- docs/eaas/nist/index.xml | 5 +- docs/eaas/pkcs11/index.html | 80 +- docs/eaas/pkcs11/index.xml | 5 +- docs/eaas/rngd/index.html | 81 +- docs/eaas/rngd/index.xml | 5 +- docs/faqs/index.html | 78 +- docs/faqs/index.xml | 5 +- docs/getting_started/index.html | 78 +- docs/getting_started/index.xml | 5 +- docs/index.html | 82 +- docs/index.json | 9 +- docs/index.xml | 5 +- docs/openssh/index.html | 78 +- docs/openssh/index.xml | 5 +- docs/sdk/api/cpp/index.html | 78 +- docs/sdk/api/cpp/index.xml | 5 +- docs/sdk/api/index.html | 78 +- docs/sdk/api/index.xml | 5 +- docs/sdk/changelogs/index.html | 78 +- docs/sdk/changelogs/index.xml | 5 +- docs/sdk/index.html | 78 +- docs/sdk/index.xml | 5 +- docs/sdk/overview/index.html | 78 +- docs/sdk/overview/index.xml | 5 +- docs/sdk/quickstarts/cpp/index.html | 80 +- docs/sdk/quickstarts/cpp/index.xml | 5 +- docs/sdk/quickstarts/index.html | 78 +- docs/sdk/quickstarts/index.xml | 5 +- docs/sitemap.xml | 3 + docs/tags/index.html | 78 +- docs/tags/index.xml | 5 +- 49 files changed, 2578 insertions(+), 564 deletions(-) create mode 100644 content/eaas/appliance/_index.md create mode 100644 docs/eaas/appliance/index.html create mode 100644 
docs/eaas/appliance/index.xml diff --git a/content/_index.md b/content/_index.md index d528b93a..aa893390 100644 --- a/content/_index.md +++ b/content/_index.md @@ -16,7 +16,10 @@ We believe that documentation benefits from sharing and collaborative improvemen Below is a list of the products that Qrypt offers with links to their supporting documentation. -### [Quantum Entropy](/eaas/) +### [Quantum Entropy Appliance (on-prem)](eaas/appliance/) +Qrypt's on-prem quantum entropy appliance is a server that is intentended for on-prem deployments. It exposes a REST API that clients can call to retrieve quantum entropy from the QRNG card installed on the server. + +### [Quantum Entropy as a Service](/eaas/) Qrypt's Quantum Entropy service measures quantum effects and converts those measurements into pure random numbers. The service leverages multiple Quantum Random Number Generators (QRNGs) developed by national and international research labs to ensure the highest quality random. diff --git a/content/eaas/appliance/_index.md b/content/eaas/appliance/_index.md new file mode 100644 index 00000000..764a4b86 --- /dev/null +++ b/content/eaas/appliance/_index.md 
@@ -0,0 +1,215 @@ ++++ +menuTitle = "On-Prem Appliance" +date = 2024-09-23T19:11:17-04:00 +weight = 1 +disableToc = "false" ++++ + +# Introduction + +The Quantum Entropy Appliance (QEA) is a server that comes equipped with Qrypt’s quantum random number generator cards. These cards continuously measure quantum phenomena to generate streams of truly random bytes. + +The QEA can be installed on-prem, or in a data center, and it does not require any external network access. It exposes a REST API that can be called by clients in the same network to request arbitrary amounts of true random bytes. + +--- +# Why QRNG? + +Modern cryptographic protocols depend on the use of secret encryption keys to guarantee security. If they key protecting a system becomes known, then that system is effectively compromised. + +Modern computers depend on the use of Pseudo-Random Number Generators (PRNG) to create encryption keys. PRNGs use deterministic algorithms in combination with an initial random seed to produce random output. Initial random seeds are typically derived from a combination of hardware measurements and user inputs – e.g. keyboard inputs, mouse clicks etc. + +The quality of the random produced by PRNGs can vary significantly depending on the hardware, and the software implementation. Many connected devices – especially smaller embedded devices, or hosts residing in data centers – can easily end up using poor quality entropy due to a lack of random user inputs. + +The use of poor-quality entropy has been shown to lead to critical vulnerabilities in the past. For example, the authors of a [2012 survey](https://factorable.net/weakkeys12.conference.pdf) found that they could “obtain RSA private keys for 0.50% of TLS hosts and 0.03% of SSH hosts, because their public keys shared nontrivial common factors due to entropy problems.” + +The entropy generated using Qrypt’s QEA is proven to be truly random. 
It is therefore not susceptible to any attacks that exploit weaknesses in PRNG software implementations. It is also an ideal means for distributing high quality entropy to devices that do not otherwise have access to high-quality random seed data. + +--- +# How do we ensure true randomness? + +The entropy generated by the QEA  is continuously tested using the [NIST SP800-22](https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-22r1a.pdf) entropy source validation test suite. If any of the tests fail, then that entropy source is cut off until its output passes tests again. + +The appliance also includes an extensive set of hardware health monitors that shut down the entropy source at the card level in the event of any hardware failure or anomaly. + +--- +# Performance + +**Max API throughput:** ~2,500,000 256-bit keys per second + +**Max Entropy card output:** ~1,500 Mb/s + +--- +# Installation + +The QEA comes with Ubuntu Server v22.04 installed. Users will receive login credentials which they can use to perform any necessary admin tasks. + +The QEA can be installed on-prem or in a datacenter rack. Once the appliance is connected to the network interface, the user must log in and configure its network interface (see the [Ubuntu docs](https://ubuntu.com/server/docs/configuring-networks) for a detailed guide on how to set up networking on Ubuntu Server). + +--- +# Interacting with the appliance + +The QEA listens for incoming requests on port 80. + +The root path (“/”) returns a UI that displays various metrics, and health reports. This UI can also be used to download application log files for troubleshooting purposes. + +Client applications can request a configurable amount of entropy from the entropy API, which is served from the “/api/v1/” route. The complete spec for the API can be found below. 
+ +--- +# OpenAPI spec + +```yaml +openapi: 3.0.0 +info: + title: Entropy API Schema + description: Entropy API Schema + version: 1.0.0 + +paths: + /api/v1/get_entropy: + post: + summary: Get entropy + description: Returns blocks of quantum entropy. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + block_size: + type: integer + description: Size of each entropy block in bytes. + format: byte + minimum: 1 + maximum: 1024 + block_count: + type: integer + description: Number of entropy blocks. Defaults to 1. + default: 1 + minimum: 1 + maximum: 512 + responses: + '200': + description: Entropy successfully generated. + content: + application/json: + schema: + type: object + properties: + entropy: + type: array + items: + type: string + format: byte + description: Base64 encoded byte string representing the generated entropy. + extensions: + type: array + items: + type: object + description: Optional array of JSON objects representing extensions. + example: + entropy: ["dWLmTxePnl5l9bnwb1qAAQ==", + "DnDqtrbysUoRwr9Meko+ug==", + "b//8fWTqpGWOFwbNNcQORQ==", + "9LhJWGYXQjt7x8/V1QBarw=="] + extensions: [] + + '503': + description: Entropy capability source unavailable. + + /api/v1/get_capabilities: + get: + summary: Retrieve Entropy Capabilities + description: This endpoint retrieves the capabilities of the entropy source. + responses: + '200': + description: Capabilities successfully retrieved. + content: + application/json: + schema: + type: object + properties: + entropy: + type: object + properties: + min_block_size: + type: integer + description: Minimum block size in bytes. + max_block_size: + type: integer + description: Maximum block size in bytes. + min_block_count: + type: integer + description: Minimum block count. + max_block_count: + type: integer + description: Maximum block count. 
+ entropy_types: + type: array + items: + type: string + description: Optional array of strings describing possible entropy source variations + example: ["quantum"] + extensions: + type: array + items: + type: object + description: Optional array of JSON objects representing extensions. + healthtest: + type: object + properties: + test_threshold: + type: array + items: + type: object + properties: + test_type: + type: string + description: Test performed, e.g., nist_90b, dieharder, vendor_test1, etc. + good: + type: number + format: float + description: Test value for good quality entropy range, e.g., 0.95. + warning: + type: number + format: float + description: Test value for low quality entropy range, e.g., 0.90. + error: + type: number + format: float + description: Test value for bad quality entropy range, e.g., 0.85. + extensions: + type: array + items: + type: object + description: Optional array of JSON objects representing extensions. +``` +--- +# Server Specs + +||| +|:---|:---| +| **Dimensions** | 17" x 21.3" x 1.75"| +| **Processor** | One Intel® Xeon® Processor E-2300 (Rocket Lake) Product Family | +| | Supports CPU TDP up to 95W | +| **System Memory** | 2 channels DDR4 / 2 DPC UDIMM ECC Up to 3200 MT/s. 
| +| | Total 4 memory slots; up to 128GB | +| **Drive Bays** | 3.5" 1 (SATA) | +| | 2.5" 2 (1 x shared with 3.5") | +| | M.2 2 x M.2(NGFF)/M-Key/22110 | +| **Expansion Slots** | 2 x PCIe Gen4 x8 slots | +| | 1 x PCIe Gen3 x8 slot (with x4 link) | +| **On-board Devices** | 6x SATA 6G ports (4x in miniSAS HD + 2x 7pin + 2x M.2)| +| | Aspeed AST2500 Advanced PCIe Graphics & Remote Management Processor | +| | Baseboard Management Controller +| | Intelligent Platform Interface 2.0 (IPMI 2.0) +| | iKVM, Media Redirection, IPMI over LAN, Serial over LAN +| | Intel® I350 AM4/AM2 co-design to support 2/4 x GbE (SKU option) +| | Realtek RTL8211EL for BMC dedicated management port +| | 2D Video Graphic Adapter with PCIe bus interface +| **Rear I/O** | LAN: 3 x GbE RJ45 (2 x shared, 1 x dedicated) +| | USB: 2 x USB 3.0 Type A +| | Graphic: Mini-display port (enabled with specified CPU) +| | Serial Port: 1 x COM by 3.5mm audio jack +| **Power Supply**| 300W 1+1 redundant power supply 80+ Gold +| **System Cooling** | 3 x 40x56mm hot swap fans \ No newline at end of file diff --git a/docs/404.html b/docs/404.html index a519c8bc..eb4b7521 100644 --- a/docs/404.html +++ b/docs/404.html @@ -9,15 +9,15 @@ 404 Page not found - - - - - - - + + + + + + + - +
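Review bot: In the content/_index.md hunk the new heading links to `eaas/appliance/` (relative) while the sibling heading it was copied from keeps the absolute `/eaas/`; a relative link resolves against whichever page renders the list, so make it `/eaas/appliance/` to match. Same hunk: "intentended" should be "intended", and "the QRNG card installed on the server" (singular) disagrees with the new page's "quantum random number generator cards"; pick one.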
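Review bot: In the content/eaas/appliance/_index.md hunk, "Interacting with the appliance" states "The QEA listens for incoming requests on port 80" and the page never mentions TLS or client authentication, yet the bytes served by `/api/v1/get_entropy` are meant to seed key generation and the root UI lets any caller "download application log files". Without transport protection a host on the same segment can read or substitute the entropy in transit, which defeats the "Why QRNG?" argument about weak keys; either state that the appliance must sit on an isolated network with no untrusted hosts, or document how to front it with TLS and restrict who may call the API. In "How do we ensure true randomness?", NIST SP 800-22 is the statistical test suite for RNG output, not an "entropy source validation test suite"; entropy-source validation is SP 800-90B, which the OpenAPI `healthtest` example itself names (`nist_90b`), so say which one actually runs on the appliance. "The entropy generated using Qrypt's QEA is proven to be truly random" claims more than statistical testing can establish; "is continuously tested and any failing source is cut off" is what the page supports. In the OpenAPI block, `block_size` carries `format: byte`, which in OAS 3.0 is the base64-string format and is meaningless on an integer (use `int32`); `block_size` has no default but the request schema has no `required:` list; and there is no `400` response for values outside the stated 1-1024 and 1-512 ranges even though the server must reject them. Under "Installation", "Users will receive login credentials" should tell the reader to change them on first login, and the IPMI-over-LAN management port listed under "On-board Devices" deserves the same advice. Smaller: "If they key protecting" should read "If the key protecting"; the spec table's rows from "Baseboard Management Controller" down are missing the closing `|`, the header row is empty (`|||`), and the file lacks a trailing newline.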
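Review bot: The docs/404.html hunk, and per the diffstat the other generated files under docs/ (including a 1119-line docs/eaas/appliance/index.html), ship built site output in the same commit as the two content changes; the 404.html hunk as shown carries no readable content, so that change cannot be reviewed here at all. Build docs/ in CI or land the regenerated output in a separate commit so the reviewable diff is the two source files.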