Smartcards and tokens

sivmu sivmu at
Thu Dec 15 20:35:23 CET 2016

Am 15.12.2016 um 02:35 schrieb NIIBE Yutaka:
> sivmu <sivmu at> wrote:
>> One question remaining is what is the difference between the openpgp
>> smartcard and the USB based tokens.
> I think that the OpenPGP card (the physical smartcard) is included in
> Nitrokey Pro USB Token.  So, it's exactly the same from the view point of
> smartcard.
> When you want to use a smartcard, you need a card reader to access the
> card.  And the card reader you use would bring other attack vectors.
> In this point, Nitrokey Pro USB Token is the best approach, I suppose.
> IIUC, Yubikey products are JavaCard implementations and somehow emulate
> OpenPGP card protocol by "app", and they work as CCID card reader +
> OpenPGP card.
> In Nitrokey Start USB Token, there is no OpenPGP card physically, but it
> is implemented by Gnuk, the software.
>> Also how much would you trust those vendors and can the use of such
>> tokens actually decrease security?
> This is the point.
> The hardware OpenPGP card in Nitrokey Pro USB Token could be replaced by
> man in the middle (or its vendor).  The hardware MCU chip in Nitrokey
> Start USB Token could be replaced, too.  The software (Gnuk) in Nitrokey
> Start USB Token could be replaced (with JTAG/SWD debugger), too.  Or, we
> should consider possibility of backdoor of OpenPGP card.  Well, I don't
> know about Yubikey.
> When it is replaced to be malicious one to enable an access by others
> (to your private keys), or it already has a backdoor in the first place,
> it kills the purpose of USB security token.
> Here, the question is: how can we build up such a "trust"?
> It seems for me that there are two different approaches; (1) physical
> difficulty (for example, plastic molding for "protection"), (2)
> reproducibility and transparency/openness.  Note that some method of
> former makes latter difficult.
> For myself, I take (2), and I did my best to make my product as
> reproducible.  (Since I don't manufacture semiconductor things,
> reproducibility is not 100%, and this part of manufacturing and
> technology is not open at all.)  And I intentionally deliver my product
> in a style of "transparent" or "open".
> Distribution channel is also difficult.  I do in person, and I ask FSF
> for my TRNG.  Are there any good method?
> Obvious drawback of the approach (2) is that people with enough
> concern/attention have tendency to do it under their control.
> Reasonable.  Since it's reproducible (somehow), it's possible, by
> definition.  And then, I can't sell many.

From what I understand, a malicious token can e.g. perform encryption
operations with weak randomness to create some kind of backdoor that is
hard to detect. Maybe there is also a way to secretly send the secret
keys loaded onto the smartcard/token to the adversary using the PC and
network it is used on.

If there is no way to detect such malicious devices and given that
certain organisations tend to mess with security tokens and crypto
devices, it seems using those specific devices actually decreases
security, assuming it is easy to manipulate specialised vendors of
security hardware compared to manipulating electronic hardware in general.

Or is this too much of a conspiracy theory? (not that those do not have
a tendency to be outrun by reality anyway)

With Nitrokey, both the hardware design and the software are open source
and both have been audited. But I don't think that will keep some people
from intercepting deliveries of such devices or messing with the production.

I'm really not sure if specialised devices for crypto are a good idea,
given that they present such a promising target.
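One of the concerns raised above, a token whose weak randomness quietly produces backdoored keys, does have a well-known defender-side check for the key-generation case: if a batch of RSA public keys generated on the same kind of device were made with a poor RNG, some of them tend to share a prime, and a GCD across the moduli exposes that without any access to the devices. The script below is an added example written for this thread, not code from any of the projects or vendors discussed; the "moduli" it checks are constructed from small, hardcoded primes so it runs instantly, whereas real keys are thousands of bits and would be collected from the keyserver or the organisation's key inventory.

```python
# Added example (not from the thread): detect weak key-generation randomness
# across a set of RSA public keys by looking for primes shared between moduli.
from math import gcd
from functools import reduce

# Constructed sample primes (small so the demo runs instantly; real RSA primes
# are ~1024 bits). The specific values are illustrative, not from any device.
P1 = 2305843009213693951   # 2^61 - 1
P2 = 2147483647            # 2^31 - 1
P3 = 1000000007
P4 = 998244353
P5 = 524287                # 2^19 - 1


def find_shared_factors(moduli):
    """Return {modulus: proper factor} for every modulus that shares a prime
    with at least one other modulus in the list. Moduli that share nothing
    are left out, which is the expected result for a healthy RNG."""
    product = reduce(lambda a, b: a * b, moduli, 1)
    found = {}
    for n in moduli:
        # gcd of n with the product of all the *other* moduli: any common prime
        # with any of them shows up here in a single big-integer operation.
        g = gcd(n, product // n)
        if g == 1:
            continue
        if g == n:
            # Both primes of n are shared (with different keys) or n appears
            # twice; fall back to pairwise gcds to recover a proper factor.
            for m in moduli:
                if m != n:
                    h = gcd(n, m)
                    if 1 < h < n:
                        g = h
                        break
        found[n] = g
    return found


def split(n, factor):
    """Given a modulus and one of its primes, return (p, q) with p < q."""
    p, q = factor, n // factor
    return (p, q) if p < q else (q, p)


if __name__ == "__main__":
    # Constructed scenario: two keys accidentally share P2, one key is clean.
    batch = [P1 * P2, P2 * P3, P4 * P5]
    for n, f in find_shared_factors(batch).items():
        print(f"modulus {n} is factorable: {split(n, f)}")
```

The single-division trick (gcd of each modulus with the product of the rest) is the simple form of the batch-GCD technique; for a large key set one would replace `product // n` with a product/remainder tree, but the decision logic and the fallback for a modulus whose primes are both shared stay the same.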
