[tor-dev] adding smartcard support to Tor

Ken Keys kenkeys at comcast.net
Sat Oct 17 19:50:13 UTC 2015

On 10/17/2015 12:27 PM, Ivan Markin wrote:
> Ken Keys:
>> If the tor process is going to use the key, at some point the
>> unencrypted key has to be visible to the machine running it. You would
>> in any case have to trust the machine hosting the tor node. A more
>> secure setup would be to run the tor node inside an encrypted VM and use
>> your smartcard/dongle/whatever to unlock the VM.
> The point is that one can't[*] extract a private key from a smartcard
> and because of that even if machine is compromised your private key
> stays safe.
> [*] Not so easy, but possible.
If the machine is going to use the HS key, the actual HS key has to be
visible to it. An encrypted container holding a VM could use RSA-style
public/private key encryption so that it never has to see the private
key used to unlock it. You would still need to trust the VM, but the
encrypted container would allow you to establish a chain of custody.

More information about the tor-dev mailing list