[tor-dev] adding smartcard support to Tor

Ken Keys kenkeys at comcast.net
Sat Oct 17 19:17:29 UTC 2015


If the tor process is going to use the key, at some point the
unencrypted key has to be visible to the machine running it. You would
in any case have to trust the machine hosting the tor node. A more
secure setup would be to run the tor node inside an encrypted VM and use
your smartcard/dongle/whatever to unlock the VM.

On 10/17/2015 12:00 PM, Razvan Dragomirescu wrote:
> Tamper resistance. And the fact that an attacker with access to the
> machine running Tor can read your encrypted thumb drive (you need to
> decrypt it at some point to load the key into the Tor process since
> the encrypted thumbdrive doesn't run crypto algos internally). A
> smartcard is a small embedded tamper-resistant _computer_ - you never
> ask it for the key, you ask it to _decrypt_ something for you or
> _sign_ something for you, you can never extract the key out of the card.
>
> Razvan
>
> --
> Razvan Dragomirescu
> Chief Technology Officer
> Cayenne Graphics SRL
>
>
> On Sat, Oct 17, 2015 at 9:36 PM, Ken Keys <kenkeys at comcast.net> wrote:
>
>     What is the advantage of a smart card over a standard encrypted
>     thumb drive?
>
