exclusive vs. shared smart card access

Simon Josefsson simon at josefsson.org
Tue Sep 1 09:15:10 CEST 2015


Jacob Appelbaum <jacob at appelbaum.net> writes:

> It sounds like there is a problem with the authentication protocol for
> the card, doesn't it?

Yes, smartcard authentication is comparable to 1980's Unix
authentication: send a password in clear text.

It is the same with all major smartcard protocols that I'm aware of.

What you want is to have something that could be called
"application-level pairing", where the application creates a secure
channel to the smartcard instead of trusting intermediaries to proxy
cleartext data properly.  Then proof of the PIN can be proven over that
secure channel (not necessarily by sending it over directly).  One
advantage with this is that access to the smartcard is available only to
the application that opened it, and not any random process on the host.
Then shared access to the smartcard would not be a problem.  Earlier
versions of the U2F protocol had this property, but it was removed.  I
don't know of any published smartcard protocol with this feature.

It would be cool if future versions of the OpenPGP Card specification
would support this.

/Simon
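
An added sketch of the contrast described in the message above; it is not part of the original post and not taken from any card specification. `verify_apdu` builds the ISO 7816-4 VERIFY command in the form the OpenPGP Card uses for PW1, while `Card`, `pin_proof` and the pre-shared pairing key are hypothetical names assumed for illustration.

```python
import hashlib
import hmac
import secrets

def verify_apdu(pin: bytes) -> bytes:
    """Today's VERIFY command (CLA 00, INS 20, P2 81 = PW1): the PIN is the payload."""
    return bytes([0x00, 0x20, 0x00, 0x81, len(pin)]) + pin

def pin_proof(pairing_key: bytes, card_nonce: bytes, app_nonce: bytes, pin: bytes) -> bytes:
    """Hypothetical proof of PIN knowledge, bound to one session of one paired application.

    The session key comes from a high-entropy pairing key plus two 16-byte nonces,
    so an intermediary that sees the proof can neither replay it nor brute-force
    the short PIN offline without also holding the pairing key.
    """
    session_key = hmac.new(pairing_key, b"session" + card_nonce + app_nonce,
                           hashlib.sha256).digest()
    return hmac.new(session_key, b"pin-proof" + pin, hashlib.sha256).digest()

class Card:
    """Card side of the hypothetical pairing (retry counter omitted for brevity)."""

    def __init__(self, pin: bytes, pairing_key: bytes):
        self._pin = pin
        self._pairing_key = pairing_key
        self._nonce = None

    def challenge(self) -> bytes:
        # A fresh nonce per attempt is what makes an observed proof useless later.
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def check_proof(self, app_nonce: bytes, proof: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = pin_proof(self._pairing_key, self._nonce, app_nonce, self._pin)
        self._nonce = None  # one attempt per challenge
        return hmac.compare_digest(expected, proof)

if __name__ == "__main__":
    pin = b"123456"                      # constructed sample value
    key = secrets.token_bytes(32)        # assumed to be set up when the app was paired
    print("cleartext VERIFY:", verify_apdu(pin).hex())
    card = Card(pin, key)
    c, a = card.challenge(), secrets.token_bytes(16)
    print("paired proof    :", pin_proof(key, c, a, pin).hex())
```

Any process that can talk to the reader sees the PIN in the first form; in the second, only the holder of the pairing key can produce a proof the card accepts.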


More information about the Gnupg-devel mailing list