Increasing Public Key Crypto Security with Handhelds

Brian Ristuccia brianr at osiris.978.org
Sat Nov 27 14:30:24 CET 1999


On Sun, Nov 28, 1999 at 08:13:52AM +1300, Peter Gutmann wrote:
> Brian Ristuccia <brianr at debian.org> writes:
> 
> >I just came up with what I think may be a good way to increase the security
> >of GNU Privacy Guard using a cheap handheld computer like the Palm III or
> >the Handspring visor. I'm sure this has been proposed before with smartcard
> >technology or something similar. I'm not a cryptographer, so I'm interested
> >in hearing your comments.
> 
> This has already been done by implementing a PKCS #11 interface to a Palm
> Pilot, the idea is that you use the Palm Pilot in place of a more usual crypto
> token like a smart card or iButton.  Unfortunately the only implementations I
> know of are stuck behind the iron curtain (and even there they're not widely
> circulated), so they're not accessible to non-US users.  
> 
> The easiest way to handle this would be to take gpkcs11,
> http://www.trustcenter.de/html/Produkte/TC_PKCS11/1494.htm, and port it to the
> Palm Pilot so it can act as a PKCS #11 token.  For handling the other side of
> things, I hope to release my general-purpose PKCS #11 interface code before the
> end of the year, this has been tested with a wide variety of tokens including
> smart cards, iButtons, crypto hardware, datakeys, and other bits and pieces, 
> so you could use that to talk to the Palm Pilot.
> 

Would such an arrangement allow for a partial display of the encrypted
document before the session key is released to the PC? Would it offer the
display of a document summary before signing in a way that said document
summary would invalidate the signature if it was not actually a subset of
the document being signed?

Otherwise, a compromised PC could trick the user into using their handheld
to decrypt or sign arbitrary documents. 


-- 
Brian Ristuccia
brianr at osiris.978.org
bristucc at nortelnetworks.com
bristucc at cs.uml.edu



More information about the Gnupg-devel mailing list