Whishlist for next-gen card

[NdK]

Il 20/02/2015 11:36, Jonathan Schleifer ha scritto:

>> 1 - support for more keys (expired ENC keys, multiple signature keys)
> And maybe for storing a certification key with a different PIN.
Wasn't it covered by
2 - different PINs for different keys
? :)

>> 5 - possibility to export private keys to user-certified devices
> That pretty much defeats the point of using a smart card in the first place.
That's not "uncontrolled export", and in fact such a feature is
implemented in HSMs to avoid unsafe key generation (outside the HSM
itself) *and* the risk of key loss.
The idea is that *before* creating/importing the master key, you set the
policy, including the key ID (or IDs) that can ask for key export. Once
the master key gets created, you no longer can alter the policy. The
policy should be exported together with the key and override the
existing one while importing a key (so that you "can't" alter -actually
it's just "really hard", but doing that should invalidate signatures on
your master key!- the policy by exporting from a device and importing on
another).

>> 6 - like in Yubikey NEO, a physical button to authorize some operations
>> can be useful (certification, signature, NFC PIN-less auth)
> That would be a pretty useful thing, but require you to trust the card
> reader. This, however, would really make sense on the Gnuk and I guess
> you could even do that without changing the spec.
Nope. it's possible to have (at least I've seen one: my father does have
it!) smartcards with small displays, keyboards (1-2 keys could be
enough, but a full 4x3 keypad would be awesome!) and even
batteries/solar panels! The form factor is not the real problem. The
problem is that it's quite a close and secretive market, heavily relying
on security by obscurity (when I asked Yubikey how to access the "user
presence" key from a Java appled, they answered I'd have had to contact
NXP and sign an NDA!
So no need to trust the card reader :)

BYtE,
 Diego.