[tor-dev] adding smartcard support to Tor
twim at riseup.net
Tue Oct 20 19:05:11 UTC 2015
> Yes if you intend to patch tor to use a smartcard as a
> cryptographic coprocessor offloading anything of interest
> that needs signed / encrypted / decrypted to it. The card
> will need to remain plugged in for tor to function.
As I said before, only thing that actually needs to be protected here is
"main"/"frontend" .onion identity. For that purpose all you need to do
is to sign descriptors. And not to lose the key.
> However how is "pin" on swissbit enabled?
> If it goes from the host (say via ssh or keyboard or some
> device or app) through usb port through armory to swissbit,
> that is never secure.
No, I will be secure. An adversary could sniff your PIN and sign
whatever they want to, true. But revealing the PIN != revealing the key.
In this case your identity key is still safe even if your PIN is
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 455 bytes
Desc: OpenPGP digital signature
More information about the tor-dev