This repository has been archived by the owner on Nov 7, 2023. It is now read-only.

Support remote key attestation #94

Open
nakedible-p opened this issue Apr 8, 2018 · 1 comment

@nakedible-p

Currently Krypton does no verification of the device or software that the key is from. This means that on a rooted/exploited phone:

  • There is no assurance that the key is securely stored
  • There is no assurance that there are no copies of the key
  • There is no assurance that user authentication has happened recently

This is not a problem if the user is also the one controlling the servers being accessed, as then the trust is equivalent - the user probably trusts his own device to be secure enough, or would not try to add keys there. However, in a corporate setting, or any setting where the user is possibly untrusted, there is reason to set a policy on the security level of the device - for example, in a banking setting the bank might be liable for fraudulent transfers unless it can prove that the user authorized them, and without ensuring device security the user might just claim that somebody hacked their (rooted/custom ROM) phone.

The proposal would be to add support for Secure Key Attestation. Since the key attestation would be pointless on the device itself, the key attestation must be performed by the servers using the key. The simplest way to achieve this would be to do verification during pairing by including the key certificate chain in the "me response" generated and letting krd verify the chain against root certificates.

This could also be incorporated into the Teams feature, by setting a policy for a team that requires key attestation for all users and verifying the key attestation in the sigchain.

This is also partly related to two factor authentication in #93. Without key attestation it cannot be verified that two factor authentication is actually used, as the device can claim anything it wishes.

@kcking
Contributor

kcking commented Apr 9, 2018

Thanks for the detailed request! I agree that we should take advantage of the key attestation Android provides and perform verification in the sigchain. We'll keep this open as a tracking issue.
