Possible to combine smartcard PIN with key password?

[NdK]

Il 23/12/2013 19:29, adrelanos ha scritto:

> This would be lucky, if one could enter the PIN using an external keypad
> (possible) AND a password using the keyboard (not possible).
I'd like it was possible, but for other reasons: that would mean you
could instantiate an object in card's RAM, havina actually a
limitless-memory card: you'd simply have to send the encrypted key blob,
the password and the PIN. Too bad in all cards I know key objects can
only be stored in EEPROM/Flash, that have a quite limited number of
writes :(
But, as Peter pointed, that wouldn't bring you more security.

> Checking the applet is difficult. Only few people are skilled to do.
Try reading code of an applet. You can learn the basis of SC devel in an
afternoon, and that would be enough to understand how a well-written app
works. Then throw away what you learnt and ask if some expert already
looked at that code :)

> I am a user of gnupg. I can't be auditor-like type of person for all
> projects I am using.
If you want to be paranoid enough, you need to. That, or pay a lot of
money -- and who guarantees you that the staff is not paid by a TLA
agency? ]:)

> And let's say the applet is fine as is. It will be
> much more difficult to find out if the smartcard really wipes the key as
> soon someone is trying to dismantle the card to directly read its
> memory. It is my understanding, that understanding such hardware design
> is even harder than understanding the applet. And knowing/searching for
> vulnerabilities in the hardware design is an art in itself.
Sure. Look at works by Ross Anderson, just for naming one expert in that
field. Maybe you want to hire him.

>> You can do many checks yourself: there are various OpenPGP Java
>> implementations around.
> Also the hardware design?
How much do you want to pay for that level of security?
Maybe, you should start reading the applicable certification procedures
(what does CC-EAL5 mean exactly?), to see what's already considered and
which level of examination each card mask have undergone. Then, if
that's not enough, you should contact a manufacturer and take steps to
have a custom-made mask examined by your enginering staff, then buy
enough cards. Or, simpler, ask the supplier to sign a contract where the
considered attacks are detailed.

> One could do it manually already. First encrypt a message using the
> smartcard and the encrypt the encrypted message again using a
> password-protected/encrypted key. And you could tell contacts, "my
> signature is only valid if it is signed by both signing keys".
Naive and error-prone.

> Manually doing so just seems to inconvenient to get it right. Technical
> challenges should only be implementing that feature but not conceptual
> limitations?
Then you should use the (really heavy) shared RSA signature: to have a
valid signature, all N chunks from N parties are needed. Key generation
is a collaborative effort, too, so no single party can know the whole
secret key. That could be a good idea for a Ph. D thesis (probably a
hard one). I fear that current crypto support in JavaCards wouldn't be
entirely useable :(

BYtE,
 Diego.