[tor-dev] adding smartcard support to Tor

Razvan Dragomirescu razvan.dragomirescu at veri.fi
Sat Oct 17 21:46:29 UTC 2015


Exactly, you ask the smartcard to decrypt your traffic (and sign data if
needed), it never tells you the key, it's a blackbox - it gets plaintext
input and gives you encrypted (or signed) output, without ever revealing
the key it's used. It can also generate the key internally (actually a
keypair, it stores the private key in secure memory (protected from
software _and_ hardware attacks)) and gives you the public key so that you
can publish it.

Remember, smartcards are not just storage, they are tamper resistant
embedded computers. Very limited computers, true, but very good at keeping
secret keys secret, both from a software attack and from a hardware (drop
the card in acid, use a logic analyzer kind of) attack.

Razvan

--
Razvan Dragomirescu
Chief Technology Officer
Cayenne Graphics SRL

On Sat, Oct 17, 2015 at 11:40 PM, Ivan Markin <twim at riseup.net> wrote:

> Ken Keys:
> >> > The point is that one can't[*] extract a private key from a smartcard
> >> > and because of that even if machine is compromised your private key
> >> > stays safe.
> > If the machine is going to use the HS key, the actual HS key has to be
> > visible to it.
>
> Nope. If the machine is going to use the HS key it can ask a smartcard
> to do so. Of course private key is visible to something/someone anyway.
> But in case of smartcards it is visible to a smartcard only.
>
> > An encrypted container holding a VM could use RSA-style
> > public/private key encryption so that it never has to see the private
> > key used to unlock it. You would still need to trust the VM, but the
> > encrypted container would allow you to establish a chain of custody.
>
> It's OK to unlock some encrypted block device/VM with some 'unpluggable'
> key. But it does nothing to protect your HS' identity.
>
> --
> Ivan Markin
> /"\
> \ /       ASCII Ribbon Campaign
>  X    against HTML email & Microsoft
> / \  attachments! http://arc.pasp.de/