Old PC as Hardware Security Module?
Robert J. Hansen
rjh at sixdemonbag.org
Mon May 14 12:37:57 CEST 2007
> Does anyone know of software available to make an old PC into
> like a hardware security module.
What particular type of HSM do you mean?
> I can't stand the thought of storing my private key on my main
> I use my main computer for things like web browsing and email, which I
> think puts its security in serious jeopardy. I think a separate
> which has only a single function, would be a valuable increase in
I'm assuming you're doing something incredibly high-value, like
storing nuclear weapon release codes or voting data or mortgage
contracts or classified material or... etc. If that's the case, then
you need to talk to a professional and not the sort of more or less
anonymous advice you're likely to get from a mailing list.
If you're not doing these incredibly high-value things, then you may
want to rethink your threat model. This appears to be excessive
overkill for most threat models I can imagine.
I'm certainly not going to tell you that you shouldn't be doing these
things. I don't know you and I don't know what you face. All that
I'm doing is asking you to sit down and think critically about your
model. I hope I can do that without sounding dismissive of your
> I've been considering getting an OpenPGP Card, but there are three
> reasons I'm reluctant to. The main one is that I want something that
> will only do one signature or decryption at a time. That way if my
> machine is compromised, I'll only suffer one hit before I'll notice
> something's wrong.
The OpenPGP card actually gives you a substantial advantage in this
Let's say that you're running GnuPG on a PC and I'm able to subvert
the box. I put in a keylogger and snarf your passphrase. I also
copy your private keyring and mailspool off the box. I can now read
your mail without ever touching it, except to copy a couple of files
and install a small app. You're none the wiser.
Compare this to an OpenPGP card, where I have to find you in a dark
alley and have a conversation with your kneecaps to get your card and
PIN. You will most probably know that something has happened to you.
> There are two other minor issues. I'd prefer my keys be encrypted when
> not in use, so that if my device falls into the wrong hands, I won't
> have to worry too much. Does the OpenPGP Card encrypt the keys while
> stored on the card?
To my understanding, the OpenPGP card is tamper-resistant. That's
not to say it's tamper-proof, but it would require substantial work
to get access. I would not worry too much if your card fell into the
wrong hands, unless those wrong hands happen to belong to a First
World intelligence service, a major international corporation, or
some ambitious CompSci or EE graduate students.
> Also, the OpenPGP Card appears to be from a German organization, like
> the one that developed the Java Anonymous Proxy, and was forced by the
> German government to back door the software. Does the German
> still consider it legal to force programmers to back door their
You do know that Werner Koch, one of the central developers of GnuPG,
is German, right? And that GnuPG at one point took some funding
(long since spent) from the German government?
If you're concerned about Germany involving itself in the crypto
software business, you should probably not use GnuPG. That said, I
am not concerned about this.
> With governments accusing each other of stealing proprietary
> info and such
Governments accuse each other of stealing classified material.
Corporations accuse each other of stealing proprietary material.
> Does anyone know if any other democratic governments consider it legal
> to force programmers to incorporate back doors?
Force? No, I can't think of a single one. Not even the UK's
ridiculous Regulation of Investigatory Powers Act (RIPA) went that far.
On the other hand, they can certainly attempt to persuade.
Patriotism, vanity, greed, fear... there are many ways to motivate
someone to cooperate with you. Governments are generally very good