[tor-dev] adding smartcard support to Tor

Ivan Markin twim at riseup.net
Sat Oct 17 19:13:52 UTC 2015


Razvan Dragomirescu:
> Thank you Ivan, I've taken a look but as far as I understand your project
> only signs the HiddenService descriptors from an OpenPGP card. It still
> requires each backend instance to have its own copy of the key (where it
> can be read by an attacker). My goal is to have the HS private key
> exclusively inside the smartcard and only sign/decrypt with it when needed
> but never reveal it. An attacker should not be able to steal the key and
> host his own HS at the same address - the address would be effectively tied
> to the smartcard - whoever owns the smartcard can sign HS descriptors and
> decrypt traffic with it, so he or she is the owner of the service.

Yes, it still requires having plain keys for decryption of traffic on
backend instances, sure. But you're not right about key "stealing"
(copying). The address of a HS is calculated from the key that signs
descriptors. This key resides on a smartcard. It's already the
"the-address-would-be-effectively-tied-to-the-smartcard" situation there.

I do not see any reason to decrypt traffic on a smartcard; if an
attacker can copy your backend key there is no need to decrypt anything
- they already have access to the content on your instance. Also
backend instances' keys are disposable - you can change them seamlessly.

P.S. Note the bandwidth issue when you're decrypting all of the
traffic on a smartcard (half-duplex, etc.).

-- 
Ivan Markin
/"\
\ /       ASCII Ribbon Campaign
 X    against HTML email & Microsoft
/ \  attachments! http://arc.pasp.de/
