[tor-dev] adding smartcard support to Tor
kenkeys at comcast.net
Sat Oct 17 18:36:59 UTC 2015
What is the advantage of a smart card over a standard encrypted thumb drive?
On 10/17/2015 11:19 AM, Razvan Dragomirescu wrote:
> Thank you Ivan, I've taken a look but as far as I understand your
> project only signs the HiddenService descriptors from an OpenPGP card.
> It still requires each backend instance to have its own copy of the
> key (where it can be read by an attacker). My goal is to have the HS
> private key exclusively inside the smartcard and only sign/decrypt
> with it when needed but never reveal it. An attacker should not be
> able to steal the key and host his own HS at the same address - the
> address would be effectively tied to the smartcard - whoever owns the
> smartcard can sign HS descriptors and decrypt traffic with it, so he
> or she is the owner of the service.
> Best regards,
> Razvan Dragomirescu
> Chief Technology Officer
> Cayenne Graphics SRL
> On Sat, Oct 17, 2015 at 4:43 AM, Ivan Markin <twim at riseup.net
> <mailto:twim at riseup.net>> wrote:
> Razvan Dragomirescu:
> > I am not sure if this has been discussed before or how hard it would be to
> > implement, but I'm looking for a way to integrate a smartcard
> with Tor -
> > essentially, I want to be able to host hidden service keys on
> the card. I'm
> > trying to bind the hidden service to a hardware component (the
> > so that it can be securely hosted in a hostile environment as
> well as
> > impossible to clone/move without physical access to the smartcard.
> I'm not sure that this solution is 100% for your purposes. But
> I've added OpenPGP smartcard support to do exactly this into
> +. What it does is that it just signs a HS descriptor using
> OpenPGP SC (via 'Signature' or 'Authentication' key). [It's still a
> pretty dirty hack, there is no even any exception handling.] You
> can use
> it by installing "manager/front" service with your smartcard in it via
> OnionBalace and balancing to your actual HS. There is no any bandwidth
> limiting (see OnionBalance design). You can setup OB and an actual
> HS on
> the same machine for sure.
> > I have Tor running on the USBArmory by InversePath (
> > http://inversepath.com/usbarmory.html ) and have a microSD form
> factor card
> > made by Swissbit (
> > ) up and running on it. I am a JavaCard developer myself and I have
> > developed embedded Linux firmwares before but I have never
> touched the Tor
> > source.
> There is a nice JavaC applet by Joeri . It's the same applet that
> Yubikey is using. You can find well-written tutorial of producing your
> OpenPGP card at Subgraph .
> > Is there anyone that is willing to take on a side project doing
> this? Would
> > it be just a matter of configuring OpenSSL to use the card (I
> haven't tried
> > that yet)?
> I'm not sure that it is worth to implement a card support in
> little-t-tor itself. As I said, all the logic is about HS descriptor
> signing. Python and other langs that provide readablity will provide
> security then.
> I think/hope so.
>  https://github.com/mark-in/onionbalance
>  https://github.com/mark-in/openpgpycard
>  http://sourceforge.net/projects/javacardopenpgp/
>  https://subgraph.com/sgos/documentation/smartcards/index.en.html
> Hope it helps.
> Ivan Markin
> \ / ASCII Ribbon Campaign
> X against HTML email & Microsoft
> / \ attachments! http://arc.pasp.de/
> tor-dev mailing list
> tor-dev at lists.torproject.org <mailto:tor-dev at lists.torproject.org>
> tor-dev mailing list
> tor-dev at lists.torproject.org
More information about the tor-dev