Trezor - Could this be the model for a PGP crypto device?
Felix E. Klee
felix.klee at inka.de
Fri Mar 6 13:50:22 CET 2015
Yesterday in Las Palmas de Gran Canaria, I attended a [talk] by Marek
Palatinus, one of the relatively early Bitcoin miners and cofounder of
[SatoshiLabs]. He gave an introduction to his path into Bitcoin, and
things that went wrong, and then he presented the [Trezor] crypto
The Trezor has a little display and two buttons. It generates and stores
your private key which is used for identifying your address in the
Bitcoin network. The Bitcoins that you own are associated with your
address. Connected via USB to a computer, the Trezor signs Bitcoin
Marek later explained to me that the Bitcoin crypto standard is
different from those used with PGP.
After the talk, I hammered him with questions:
* What if I lose the device or if it breaks? For backup, the device
presents a list of 24 English words, that the user should write down
and keep on paper in a safe place. Using this list, the private key
can be recreated.
* What if Eve wants to access the device without my authorization?
There is a PIN.
* How is the key generated? With an RNG on the device, using entropy
gathered from the connected computer.
* There’s no PIN pad on the device; Couldn’t malware sniff the PIN?
The device has a little screen that displays a matrix of nine
numbers. On the computer’s screen appears the same matrix without
numbers, and one clicks on these with the mouse.
* Do I have to enter the PIN for every transaction? Only once, then
the device remains activated.
* Once the device is activated, couldn’t malware do arbitrary
transactions? For every transaction there is information displayed
on the device’s display, and it has to be confirmed with the press
of a button on the device.
* Can I trust the firmware? [Source code] is available. Users can
check the code, compile it, and flash their own version.
* What if Eve modifies the firmware in a malignant way and flashs it
to the device? Flashing unsigned firmware causes the private key to
be erased by the bootloader.
* Can I trust the bootloader? Source code is available as well.
Of course there could still be backdoors. However, at the moment I
cannot see what can be done better, other than building your own
hardware, ideally down to chip manufacturing level.
More information about the Gnupg-users