Old PC as Hardware Security Module?

Robert J. Hansen rjh at sixdemonbag.org
Mon May 14 12:37:57 CEST 2007


> Does anyone know of software available to make an old PC into  
> something
> like a hardware security module.

What particular type of HSM do you mean?

> I can't stand the thought of storing my private key on my main  
> computer.
> I use my main computer for things like web browsing and email, which I
> think puts its security in serious jeopardy. I think a separate  
> computer
> which has only a single function, would be a valuable increase in  
> security.

I'm assuming you're doing something incredibly high-value, like  
storing nuclear weapon release codes or voting data or mortgage  
contracts or classified material or... etc.  If that's the case, then  
you need to talk to a professional and not the sort of more or less  
anonymous advice you're likely to get from a mailing list.

If you're not doing these incredibly high-value things, then you may  
want to rethink your threat model.  This appears to be excessive  
overkill for most threat models I can imagine.

I'm certainly not going to tell you that you shouldn't be doing these  
things.  I don't know you and I don't know what you face.  All that  
I'm doing is asking you to sit down and think critically about your  
model.  I hope I can do that without sounding dismissive of your  
concerns.

> I've been considering getting an OpenPGP Card, but there are three
> reasons I'm reluctant to. The main one is that I want something that
> will only do one signature or decryption at a time. That way if my
> machine is compromised, I'll only suffer one hit before I'll notice
> something's wrong.

The OpenPGP card actually gives you a substantial advantage in this  
situation.

Let's say that you're running GnuPG on a PC and I'm able to subvert  
the box.  I put in a keylogger and snarf your passphrase.  I also  
copy your private keyring and mailspool off the box.  I can now read  
your mail without ever touching it, except to copy a couple of files  
and install a small app.  You're none the wiser.

Compare this to an OpenPGP card, where I have to find you in a dark  
alley and have a conversation with your kneecaps to get your card and  
PIN.  You will most probably know that something has happened to you.

> There are two other minor issues. I'd prefer my keys be encrypted when
> not in use, so that if my device falls into the wrong hands, I won't
> have to worry too much. Does the OpenPGP Card encrypt the keys while
> stored on the card?

To my understanding, the OpenPGP card is tamper-resistant.  That's  
not to say it's tamper-proof, but it would require substantial work  
to get access.  I would not worry too much if your card fell into the  
wrong hands, unless those wrong hands happen to belong to a First  
World intelligence service, a major international corporation, or  
some ambitious CompSci or EE graduate students.

> Also, the OpenPGP Card appears to be from a german organization, like
> the one that developed the Java Anonymous Proxy, and was forced by the
> german government to back door the software. Does the german  
> government
> still consider it legal to force programmers to back door their
> software?

You do know that Werner Koch, one of the central developers of GnuPG,  
is German, right?  And that GnuPG at one point took some funding  
(long since spent) from the German government?

If you're concerned about Germany involving itself in the crypto  
software business, you should probably not use GnuPG.  That said, I  
am not concerned about this.

> With governments accusing each other of stealing proprietary
> info and such

Governments accuse each other of stealing classified material.   
Corporations accuse each other of stealing proprietary material.

> Does anyone know if any other democratic governments consider it legal
> to force programmers to incorporate back doors?

Force?  No, I can't think of a single one.  Not even the UK's  
ridiculous Regulation of Investigatory Powers Act (RIPA) went that far.

On the other hand, they can certainly attempt to persuade.   
Patriotism, vanity, greed, fear... there are many ways to motivate  
someone to cooperate with you.  Governments are generally very good  
at persuasion.





More information about the Gnupg-users mailing list