[tor-dev] adding smartcard support to Tor

grarpamp grarpamp at gmail.com
Tue Oct 20 16:30:56 UTC 2015


On Sat, Oct 17, 2015 at 5:46 PM, Razvan Dragomirescu
<razvan.dragomirescu at veri.fi> wrote:
> Exactly, you ask the smartcard to decrypt your traffic (and sign data if
> needed), it never tells you the key, it's a blackbox - it gets plaintext
> input and gives you encrypted (or signed) output, without ever revealing the
> key it's used. It can also generate the key internally (actually a keypair,
> it stores the private key in secure memory (protected from software _and_
> hardware attacks)) and gives you the public key so that you can publish it.
>
> Remember, smartcards are not just storage, they are tamper resistant
> embedded computers.

I misread your original intent.

Yes, if you intend to patch tor to use a smartcard as a
cryptographic coprocessor offloading anything of interest
that needs to be signed / encrypted / decrypted to it. The card
will need to remain plugged in for tor to function. The card
will need to know to generate new keys periodically for
the functions in tor that need them... new key usage APIs
will need to be developed between the card and tor to manage that.
OpenSSL may have card functions already but not in a way
that makes sense to abstract upper program logic of tor.
And your own use of "pin" and input to enable the card
itself should be as secure as that to be protected.

It's worth looking at the keyops per second and
streamrates per second needed by various crypto
parts of tor and determining what smartcards / expansion
cards on the market could handle which parts of that.
Cards need to support the crypto algos that tor uses
or will be moving to.

