Smart card fragility?
hawke at hawkesnest.net
Tue Sep 20 19:15:25 CEST 2005
Werner Koch wrote:
> One could imagine a reader with keypad which reliably enforces the use
> of the pinpad by catching all VERIFY commands and somehow is able to tell
> the user which PIN has been requested (requires knowledge of the smart
> card application). I don't know such a reader.
Or a standardized way for a card reader to respond to any application
with that information.
I'm not going to hold my breath for such a solution though. :-D
>>treat it as a flag that tells the card to wipe all private keys.
> Yes, this is possible.
Possible, surely. But how likely to get into the OpenPGP card?
> Actually card vendors won't see that as a benefit to them. After all
> their business is to sell cards.
Of course it would not be an immediate benefit, but I think they would
find that many more people would be interested in their product if it
didn't have a built-in self-destruct mechanism. I know I'd be much more
inclined to push for my company to use a smart card that was reusable.
> For the user the real damage is not
> the locked card but the loss of the keys which are far more valuable
> than that piece of plastic and silicon.
The relative value of the key vs. the card depends on the application.
For something like a CA, the key is almost definitely more valuable. (I
guess the term "CA" doesn't really apply to OpenPGP ... so say a very
well-known key pair) But in a case where the card is used primarily for
authentication, or really any "client-side" type application, the card
is probably going to be more valuable.
For me, I use the card for a signing subkey and auth subkey only (for
just this reason) so if the key is lost, I could just generate a new
signing key and carry on without losing anything. But if the card is
lost/locked I have to buy a new one, which is a hassle and expense I'd
prefer not to have to deal with.
> OTOH, I understand your concerns. In particular when developing
> applications a complete wipe out command would be a nice to have. We
> already discussed whether we can add such a thing as an optional
> feature to the next release of the specification.
That would be excellent if it's likely to actually be implemented.
-Alex Mauer "hawke"
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net