Old PC as Hardware Security Module?

Casey Jones groups at caseyljones.net
Tue May 15 08:01:54 CEST 2007

Werner Koch wrote:
> On Mon, 14 May 2007 16:15, groups at caseyljones.net said:
>> Why doesn't it make sense? The chip's security features make it fairly 
>> secure. But having the keys encrypted on the card would make it highly 
>> secure. As long as the passphrase hadn't been captured, like after being 
> No, you are required to remember a long passphrase and use it all the
> time.  The advantage of a PIN is that it is easy to remember (well, even
> the 6 digits are too many for many people).  Security is tradeoff here
> between usability and semi-paranoia.

I thought most people kept their private keys encrypted with a long 
passphrase on their hard drives anyway. Since memorizing a 128-bit 
decimal passphrase would be impractical, I envision entering the 
passphrase on your keyboard, which would be sent to the card to decrypt 
the key, then entering a short PIN on the PIN pad as well. If someone 
had already rooted your computer before physically stealing your card, 
then you would be defeated.

But it seems to me there is a small but significant possibility of 
situations where someone hostile might get possession of your card but 
not have rooted your computer. Your card might be confiscated at a 
border crossing for example. Or you might get arrested by mistake or for 
something minor, and lose possession of your card for a while. A lot of 
governments might be able to trivially crack smart card security. The 
local police might overnight it to the feds for a quick key extraction. 
Organized criminals might have no problem cracking it either. A 
pickpocket might sell it to some mobsters for industrial espionage or to 
ransom back to you.

> If on the other side you really have these strong security demands, you
> need to define your whole working process very tightly.  The smart card
> will be just a very small piece of the whole story.

Encrypting the key on card seems to me like a minor inconvenience for a 
significant security enhancement. I'd say it's worthwhile even for a low 
security situation.

>> Can the person who loads the software onto the cards be given orders by 
>> the German court?
> No, that is ridiculous.  The vendor does not know who will buy the card
> and no court is able to demand that all cards are to be bugged.

Apparently every copy of the JAP was modified. Why not every BasicCard 
or every OpenPGP Card, in order to target a single individual?

>> According to this article
>> http://www.theregister.co.uk/2003/08/21/net_anonymity_service_backdoored/
>> it was mandated by the courts.
> IIRC, the prosecution office asked for the data and not a court.  For
> whatever reasons the JAP folks at the Dresden university decided that
> they want to help them.  There was no actual need.

At https://www.datenschutzzentrum.de/material/themen/presse/anonip_e.htm

   "the ICPP received a judicial instruction
    by the Local Court (Amtsgericht) Frankfurt
    / Main, Germany, by which the collaborators
    of the research project AN.ON were bound
    to record all access to a particular IP address"

Were they forced, or did they lie, or what? How did their appeal go?

>>> That is basically the same as with a TOR server: It is
>>> possible to log things to help the prosecution but no sane person would
>>> do this.
>> Are the authors of the Java Anonymous Proxy not sane? If they would do 
>> it, why not ZeitControl?
> Indeed, adding a logging feature and using it for more than debugging is
> IMHO insane.

I don't think that qualifies as insane. You may have a misunderstanding 
of the definition of the word insane or perhaps you're just 
exaggerating. But even if it is insane, if the JAP developers are that 
insane, why not ZeitControl also?

> Regarding the Zeitcontrol OS used by the card: I have no
> idea whether they log things.  But I have enough reasons to believe they
> don't: Where should it be saved, what subliminal channels are they using

The only advantage of the smart card is that it makes extraction of the 
private key impractical (hopefully). Therefore an embedded exploit would 
probably be just an alternative master PIN and a way to dump the memory.

> and how would they make money with such a feature.

The developers of open source privacy software are probably generally 
highly resistant to the compromise of their work. And if the exploit is 
revealed, they probably won't lose their job or company. But a company 
would probably be much more motivated to keep such a court order secret, 
for fear of having their business ruined if they should be found out. If 
the software is closed source, there's a good chance they could keep it 

> Have you also asked the card reader vendors whether they have a
> backdoor?  Or the firmware of your old PC, or....?

That's a serious concern. Especially for machines made in China and some 
other places. The only small comfort I used to have was that I thought 
governments wouldn't risk ruining their software and electronics 
industry by forcing them to implant such things. But amazingly Germany 
seems willing to do this. It's one thing for the government itself to 
put bugs in only the items used by their targets, but to force others to 
install secret compromises in every item released, casts doubt on all 
the products of the entire nation. I would think that the software 
manufacturers would insist on a law being made to say that the 
government couldn't force developers to participate in such secret 
exploits. A strong and clear ruling by the courts might be sufficient.

>> What will you do if the court orders you to turn on logging, hand over 
>> the logs, and keep it secret?
> I would shut down the service of course. 
> But they can't demand that.  This is a service designed for routing
> packets in the Internet and as such explicitly excluded by the
> wiretapping laws.

I was wondering what you would do if the government required you to 
secretly log passphrases in gpg, or implant some other compromise. You 
say that you would go to jail before complying with the court order? I 
have no reason to doubt your integrity personally, I expect that you are 
an honorable person. But how can we be confident? Luckily gpg is open 
source, so we can verify for ourselves. Unfortunately the OpenPGP Card 
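The arrangement argued for earlier in this reply (the private key kept encrypted on the card under a long passphrase typed at the host, with a short PIN entered on the pad as a second gate) can be sketched in code. The block below is an added illustration, not code from the post, from GnuPG, or from the OpenPGP Card or ZeitControl firmware, and it does not describe how any real card stores keys. It assumes a hypothetical `Card` class, a PBKDF2 passphrase KDF, and an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag in place of a block cipher (the Python standard library has no AES); the sample key, passphrase and PIN are constructed for the demonstration. The `dump_memory` method models the "alternative master PIN and a way to dump the memory" backdoor the post worries about: with the key wrapped, a dump yields only the blob, and the passphrase is still required.

```python
import hashlib
import hmac
import os

# Constructed parameters for the illustration; a real design would fix these in a spec.
KDF_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key, nonce, length):
    """HMAC-SHA256 as a PRF in counter mode; stands in for a block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _derive_keys(passphrase, salt):
    """Stretch the host-typed passphrase into separate encryption and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64)
    return master[:32], master[32:]


def wrap_key(private_key, passphrase, salt=None, nonce=None):
    """Encrypt-then-MAC the key under the passphrase. Blob layout: salt | nonce | ct | tag."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def unwrap_key(blob, passphrase):
    """Return the key, or None if the passphrase is wrong or the blob was altered."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong passphrase or tampering: refuse rather than return garbage
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Card:
    """Hypothetical card holding only the wrapped key, gated by a PIN with a retry counter."""
    MAX_PIN_TRIES = 3

    def __init__(self, wrapped_key, pin):
        self.wrapped_key = wrapped_key
        self._pin_salt = os.urandom(16)
        self._pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), self._pin_salt, 1000)
        self.pin_tries_left = self.MAX_PIN_TRIES

    def _pin_ok(self, pin):
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), self._pin_salt, 1000)
        return hmac.compare_digest(candidate, self._pin_hash)

    def unlock(self, passphrase, pin):
        """Host supplies the passphrase, the pad supplies the PIN; both must be right."""
        if self.pin_tries_left == 0:
            return None  # card blocked after too many bad PINs
        if not self._pin_ok(pin):
            self.pin_tries_left -= 1
            return None
        self.pin_tries_left = self.MAX_PIN_TRIES
        return unwrap_key(self.wrapped_key, passphrase)

    def dump_memory(self):
        """What a PIN-bypass-plus-memory-dump backdoor would hand over: the blob, not the key."""
        return self.wrapped_key


# Constructed sample values for the demonstration.
SAMPLE_KEY = bytes(range(32))                       # fixed 32-byte stand-in for a private key
SAMPLE_PASSPHRASE = "correct horse battery staple"  # typed on the host keyboard
SAMPLE_PIN = "123456"                               # typed on the PIN pad


def demo():
    card = Card(wrap_key(SAMPLE_KEY, SAMPLE_PASSPHRASE), SAMPLE_PIN)
    results = {
        "legit": card.unlock(SAMPLE_PASSPHRASE, SAMPLE_PIN) == SAMPLE_KEY,
        "wrong_pin": card.unlock(SAMPLE_PASSPHRASE, "000000") is None,
        "wrong_passphrase": card.unlock("guess", SAMPLE_PIN) is None,
    }
    stolen = card.dump_memory()  # attacker bypassed the PIN and read the card
    results["dump_without_passphrase"] = unwrap_key(stolen, "guess") is None
    results["dump_with_passphrase"] = unwrap_key(stolen, SAMPLE_PASSPHRASE) == SAMPLE_KEY
    return results


if __name__ == "__main__":
    print(demo())
```

The point the demo makes is the one the reply makes: once the card is in hostile hands and its PIN check has been bypassed, the only thing standing between the attacker and the key is the entropy of the host-typed passphrase and the cost of the KDF. It also shows the trade-off Werner raises, since the passphrase now passes through the host, so a rooted host captures it, and the user has to remember both a long passphrase and a PIN.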

More information about the Gnupg-users mailing list