[tor-dev] adding smartcard support to Tor

Ivan Markin twim at riseup.net
Sat Oct 17 01:43:41 UTC 2015

Razvan Dragomirescu:
> I am not sure if this has been discussed before or how hard it would be to
> implement, but I'm looking for a way to integrate a smartcard with Tor -
> essentially, I want to be able to host hidden service keys on the card. I'm
> trying to bind the hidden service to a hardware component (the smartcard)
> so that it can be securely hosted in a hostile environment as well as
> impossible to clone/move without physical access to the smartcard.

I'm not sure that this solution is 100% for your purposes. But recently
I've added OpenPGP smartcard support to do exactly this into OnionBlance
[1]+[2]. What it does is that it just signs a HS descriptor using
OpenPGP SC (via 'Signature' or 'Authentication' key). [It's still a
pretty dirty hack, there is no even any exception handling.] You can use
it by installing "manager/front" service with your smartcard in it via
OnionBalace and balancing to your actual HS. There is no any bandwidth
limiting (see OnionBalance design). You can setup OB and an actual HS on
the same machine for sure.

> I have Tor running on the USBArmory by InversePath (
> http://inversepath.com/usbarmory.html ) and have a microSD form factor card
> made by Swissbit (
> www.swissbit.com/products/security-products/overwiev/security-products-overview/
> ) up and running on it. I am a JavaCard developer myself  and I have
> developed embedded Linux firmwares before but I have never touched the Tor
> source.

There is a nice JavaC applet by Joeri [3]. It's the same applet that
Yubikey is using. You can find well-written tutorial of producing your
OpenPGP card at Subgraph [4].

> Is there anyone that is willing to take on a side project doing this? Would
> it be just a matter of configuring OpenSSL to use the card (I haven't tried
> that yet)?

I'm not sure that it is worth to implement a card support in
little-t-tor itself. As I said, all the logic is about HS descriptor
signing. Python and other langs that provide readablity will provide
security then.
I think/hope so.

[1] https://github.com/mark-in/onionbalance
[2] https://github.com/mark-in/openpgpycard
[3] http://sourceforge.net/projects/javacardopenpgp/
[4] https://subgraph.com/sgos/documentation/smartcards/index.en.html

Hope it helps.
Ivan Markin
\ /       ASCII Ribbon Campaign
 X    against HTML email & Microsoft
/ \  attachments! http://arc.pasp.de/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151017/24e15ebc/attachment.sig>

More information about the tor-dev mailing list