Secret key storage question
David Shaw
dshaw at jabberwocky.com
Wed Jun 19 21:08:01 CEST 2002
On Wed, Jun 19, 2002 at 12:54:35PM -0500, Bob Luckin wrote:
> On Wed, Jun 19, 2002 at 01:38:50PM -0400, David Shaw wrote:
> > On Wed, Jun 19, 2002 at 12:14:53PM -0500, Bob Luckin wrote:
> > > On Wed, Jun 19, 2002 at 09:16:39AM +0200, Arno Wagner wrote:
> > > ...
> > > > My personal assumption is that as soon as somebody can break
> > > > into my computer without me noticing very soon or somebody gets
> > > > physical access to my computer, the attacker is in. Doing
> > > > keyloggers in hardware or software is not that difficult. Not
> > > > araising my suspicion is also possible to do. I would not think
> > > > it needs the NSA for that.
> > > >
> > > > Only way around that would be encryption doen on a trusted
> > > > token, like a smartcard, which I would immediately miss if
> > > > stolen.
> > >
> > > But if someone has enough access to your machine to be able to setup a
> > > keylogger, then could they not equally well set up something to log the
> > > data coming off / going on to the smartcard when it is read/written ?
> > > Then they wouldn't need to steal it.
> >
> > Sure, but that only gives the attacker the one message. They wouldn't
> > get the secret key which gives them all messages.
>
> If it is on the card, and they can read the card, surely they would ?
>
> Even if not, they'd get every subsequent message sent via the computer until
> the attack was discovered.
>
> Or am I missing something here ?
Crypto smartcards don't just store the secret key - they in effect
*are* the secret key. They do all the crypto math on the card itself,
so the host computer never sees the secret key. The host uploads the
session key, the card encrypts/decrypts it, and returns the result.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel
mailing list