possible pinentry enhancement

Fri May 20 04:04:20 CEST 2016

Hello,

I came up with this idea while considering communication of scdaemon
and Gnuk Token.

Let me explain the background, at first.

While many smartcard implementations might store private key as raw
form and only control its access by PIN, Gnuk stores private key as
protected by passphrase just like gpg-agent does so (although s2kcount
is much smaller).  This is because I care about the possibility that
the internal flash ROM on the general purpose MCU could be accessed by
some special tool/cost.

Next, let me show the idea of pinentry enhancement.

The idea is:

	Let the pinentry computes KDF (on host computer).
        (KDF: Key Derivation Function)

Currently, the s2kcount in Gnuk would be too small.  However,
increasing this value is not practical, because MCU runs at 72MHz.  To
lower the risk, I think that it is possible to compute (a part of) KDF
on host computer.

I'm considering something like this figure for authentication.

-------------------------------------------------------------
     User           pinentry       scdaemon     Gnuk

   ( This is not mandatory, scdaemon generates
     SALT by the device's unique serial number or
     application ID.
                                        <--SALT--
    )
                            <--SALT--
           dialog
         <----------
         ---PASSWD--> [KDF]
                            ---DEK-->
                                        ---DEK-->
-------------------------------------------------------------

That is, pinentry supports computation of KDF.  Since it runs
on host computer, it can use as much of CPU cycles as with.

Any thoughts?
-- 