PIN-Entry

Werner Koch wk@gnupg.org
Wed Oct 24 16:20:01 2001 

On Wed, 24 Oct 2001 15:44:03 +0200, Olaf Schlueter said:

> I have the feeling (maybe wrong) that there is a misconception about the
> "Secure PIN entry" feature some more advanced readers do provide (Markus

I don't think so.  There was a misunderstanding by Markus related to
the PIN Entry.  My original post was about the PIN Entry which is used
to get the passphrase or PIN from the user.  Well, it will also be
used to get the PIN for a passphrase if a reader with a keypad is not
available.

> Second comment: I think it is worth to be discussed, how the PIN module,
> especially its communication path to the other modules, shall be protected
> against trojan horse attacks.

You can't do anything against a trojaned system.  The only thing a
smardcard may provide is protection of the secret key.

Passive attacks are possible and in theory an attacker could sniff on
the communication between the GpgAgent and the PINEntry - it is not
easy, though.  To prevent this we have the option to encrypt the
communication between these modules; a random session key agreed on
using DH is pretty simple - although a bit computing intensive.  MiM
attacks are not an issue in this setting.

To prevent snopping on the keyboard we will grab keyboard and mouse as
usual for login programs.

However, if an attacker is able to get read access to a user account
he can also read the memory of all processes belonging to that user. So
any encryption between user owned modules is pretty much pointless.

BTW, if you get read access you will have write and execute access
really soon after.

One thing which is really worth to implement is a protection against
malicious other users on the same machine.  We do this by either using
pipes (which are not readable by other users) or Unix domain sockets
owned by the user.  To protect against wrong permissions setting of
the socket the server always checks the credentials of the peer.

Ciao,

  Werner

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus