23
Installing Krypt.co on NVIDIA Jetson Nano
When writing software that will perform AI on the edge, the NVIDIA Jetson Nano devboard is a great piece of hardware to play with. It's a 64-bit ARMv8 CPU architecture.
In order to create a smooth user experience of moving between development machines, I use krypt.co to manage the private keys for my SSH and GPG key pairs. This gives me the security benefit that access to my development machine doesn't give anyone "access" to connect to any SSH connections, or to sign anything with my GPG key. Secondly, this allows me to use 2FA for my SSH and GPG keys. The major downside is that Krypton was acquired by Akamai and at some point in the future, the krypt.co service will have to be shut down :(. Second issue is that my phone is now the guardian of my private keys.
Anyway, let's assume that you also want to use Krypt.co, and that you want to use an NVIDIA Jetson Nano as your dev machine. The problem with this, is that Krypton doesn't maintain an executable of the Linux kr
utility for the ARM64 CPU architecture in Linux (Debian flavors-- the Jetson Nano OS is based on Ubuntu). Luckily, Krypton gives you the instructions to build their kr
utility from source!
We are going to follow the Krypt.co installer instructions to install kr
from source on ARM64 CPU architecture running Linux 4 Tegra (L4T) (an Ubuntu-flavored Linux distro).
Get the ARM64
build for Linux from the Golang downloads page and follow the install instructions on the page. The download instructions might change, but here is what works for Go 1.16.7:
wget --secure-protocol=TLSv1_2 --https-only https://golang.org/dl/go1.16.7.linux-arm64.tar.gz && echo "63d6b53ecbd2b05c1f0e9903c92042663f2f68afdbb67f4d0d12700156869bac *go1.16.7.linux-arm64.tar.gz" | sha256sum -c -
# Make sure the result is "go1.16.7.linux-arm64.tar.gz: OK" which means the SHA256 has checked out.
This is covered on the instructions page, but essentially, you rm
any old versions of go, and then untar the download you just downloaded into /usr/local/go
as the root user. Then remove the tarball because you are done with it. Here is how it works for Go 1.16.7:
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.16.7.linux-arm64.tar.gz && rm go1.16.7.linux-arm64.tar.gz
Handy tip: use the profile.d
executor to add go to your path:
sudo touch /etc/profile.d/go-bin-path.sh
Then put the following in that file:
# shellcheck shell=sh
# Expand $PATH to include the directory where golang executable is.
go_bin_path="/usr/local/go/bin"
if [ -n "${PATH##*${go_bin_path}}" ] && [ -n "${PATH##*${go_bin_path}:*}" ]; then
export PATH=$PATH:${go_bin_path}
fi
And next time you log into the shell session, you will have go installed.
While you can follow the official rustup installation (which is pretty easy to install using their install script), we will use the Rust packages that are part of Canonical's Bionic package repository.
sudo apt-get install -y rustc cargo
Now here is where the instructions deviate from the website. The go get
and such didn't really work out for me, but fetching the kr repo directly from GitHub worked when I followed the README in the repo.
wget --secure-protocol=TLSv1_2 --https-only https://github.com/kryptco/kr/archive/1937e31606e4dc0f7263133334d429f956502276.zip && echo "b1bf4a46ee998b4489d880e443cafc435bbfca3184c1d199597b60ee8ba2edf6 *1937e31606e4dc0f7263133334d429f956502276.zip" | sha256sum -c -
# Make sure the ^ command results with "1937e31606e4dc0f7263133334d429f956502276.zip: OK" which means the SHA256 has was correct.
unzip 1937e31606e4dc0f7263133334d429f956502276.zip -d kr && cd kr/kr-1937e31606e4dc0f7263133334d429f956502276
make install
make start
Now that you have built and installed the kr
utility, all that is left is to pair to your Krypton account.
kr pair
This will configure your Jetson Nano and your Krypt.co account to use 2FA when accessing your SSH keys.
As mentioned above, kr
can also be used to sign your git commits. This is great if your repos require signed commits.
All we have to do is:
git config --global user.name "username"
git config --global user.email "[email protected]"
kr codesign
Now any time you make a git commit
your commits will use kr to prompt your phone to approve the use of your GPG key.
Now that you have installed and tested Krypton, you can clean up in the build files.
cd ../../ # Or whatever directory you started in
rm -r 1937e31606e4dc0f7263133334d429f956502276.zip kr
23