Old PC as Hardware Security Module?

Werner Koch wk at gnupg.org
Mon May 14 15:04:36 CEST 2007


On Mon, 14 May 2007 10:44, groups at caseyljones.net said:

> something's wrong. Can the OpenPGP Card be set to do one operation per 
> pin entry when used with a card reader that has a keypad? This seems 

Yes, use the command "forcesig" in the --card-edit menu to toggle this
feature.  However it does not help you if the host has been compromised
and the admin PIN is known.  You can always bypass the requirement to use
the keypad.  With some social engineering this makes it easy to get
control over the card.

> software. It seems the OpenPGP Card relies on the proprietary BasicCard 
> operating system. Finally, it looks like the OpenPGP Card costs about 

That is indeed very unfortunate but we have found no other way to
deliver a fast card.  For almost all fast chips you need to sign an NDA
which does not allow you to implement a fully free solution.  Building
your own chip is possible but they would be very expensive.  And no, a
Java Card does not help security-wise as you don't have access to the
firmware.

> 26.4 Euros (about $36) shipped from Europe. That's a little high for me 
> right now.

What about an aggregated order or to figure out a company in the US to
distribute the cards?

> not in use, so that if my device falls into the wrong hands, I won't 
> have to worry too much. Does the OpenPGP Card encrypt the keys while 
> stored on the card?

No, that does not make sense - the standard security features of the
chip are employed to make probing the chip difficult and expensive.

> Also, the OpenPGP Card appears to be from a German organization, like 

That is not correct.  I have developed the specs along with Achim Peitig
of a Paderborn card vendor.  Achim wrote the implementation.  It was
done all on our own money and for our fun.  Only later the BSI (The
German federal IT security agency) mentioned this card as a good example
of a usable smart card without vendor lock in.

> the one that developed the Java Anonymous Proxy, and was forced by the 
> German government to back door the software. Does the German government 

JAP has not been backdoored but the organisations running a JAP server
have the ability to log the IP addresses.  The case you have in mind is
that the lists of IP addresses have been handed over to the prosecution
authorities.  IIRC, they have not been forced to do this but did this
voluntarily.  That is basically the same as with a TOR server: It is
possible to log things to help the prosecution but no sane person would
do this.  My company is running a heavily loaded exit node
(allium.gnupg.org) and we get about one request a fortnight to tell the
IP address.  Obviously we don't do that and usually a few minutes talk
is today sufficient to explain to them that this is an anonymizer server and
that there is no chance to get to the IP address of the previous node.

> still consider it legal to force programmers to back door their 
> software? I heard they were appealing it, but I never heard how that

There is no way to force backdoors in software.  Only ISPs (larger than
about 1000 clients) are required to have that expensive wiretapping rig
available - in case of a court order to set one.  And well, they need to
keep the client name and the assigned IP addresses on file for too much
time.  But that has nothing to do with being forced to backdoor
software.

> Does anyone know if any other democratic governments consider it legal 
> to force programmers to incorporate back doors?

Before answering that we need to agree on what countries are still
democratic ;-)


Shalom-Salam,

   Werner



