Smartcards and tokens

Thu Dec 15 22:02:08 CET 2016

Hi Martinho,

After I thought about it more, I have kind of drawn the conclusion that
even for signing, only using a SmartCard cannot achieve authenticity.

With a write-only SmartCard which computes signature on the card, it's
true that it can protect the signing key. However, if it's used in a
hacked machine or malicious environment, the hash sent to the card can
be modified to be the hash of something else, not the hash of the
document that you think you're reading on screen. Even if your signing
key is kept secret on the card, but it blindly signs a fake hash. What's
good about this?

So using a write-only SmartCard alonewithout a secure host environment
cannot give you the security level you think you get. Unless I missed
something from your original description.

This actually boils down a minimal trusted computing base (TCB).
SmartCard itself does not form a complete TCB, which must include
certain trusted host environment.

On 12/15/2016 11:24 AM, Lou Wynn wrote:
>
> If the host machine is compromised, what's the purpose of doing
> encryption on the SmartCard? Attackers don't need to know the key to
> get your plaint ext, because it is on the host machine.
>
> I guess that what you meant was signing, using a SmartCard to sign has
> the benefits you mentioned, but not encryption.
>
>
> On 12/15/2016 01:24 AM, R. Martinho Fernandes wrote:
>> There's an important distinction to be made between using this
>> approach and using a SmartCard. The encrypted USB drive approach
>> leaks the keys into the machine you're using it from; they're
>> accessible by simply reading the filesystem (thus the claim that
>> "When you unplug the USB, your keys are gone." is wrong).  The keys
>> in a SmartCard are write-only; the SmartCard performs all the
>> encryption on-chip.
>>
>> You need to have an attack on the SmartCard to get the keys, while
>> with the USB drive approach, you just need to attack the host machine.
>>
>>
>> On Thu, Dec 15, 2016, at 08:34 AM, Lou Wynn wrote:
>>>
>>> I've come cross a simple and secure approach at this post:
>>>
>>> http://zacharyvoase.com/2009/08/20/openpgp/
>>>
>>> In the MAKING BACKUPS section, this method simply places your gnupg
>>> directory in an encrypted usb drive and make a symlink to it like this:
>>>
>>> ln -s /Volumes/EncDrive/gnupg ~/.gnupg
>>>
>>> That's all. As long as you use a good passphrase, this is very
>>> secure method to me. When you unplug the USB, your keys are gone. If
>>> your USB drive is lost, its content is encrypted by your passphrase,
>>> so no worry about it.
>>>
>>>
>>>
>>>
>>> On 12/14/2016 05:35 PM, NIIBE Yutaka wrote:
>>>> sivmu <sivmu at web.de> <mailto:sivmu at web.de> wrote:
>>>>
>>>>> One question remaining is what is the difference between the openpgp
>>>>> smartcard and the USB based tokens.
>>>>>
>>>> I think that the OpenPGP card (the physical smartcard) is included in
>>>> Nitrokey Pro USB Token.  So, it's exactly same from the view point of
>>>> smartcard.
>>>>
>>>> When you want to use a smartcard, you need a card reader to access the
>>>> card.  And the card reader you use would bring another attack vectors.
>>>> In this point, Nitrokey Pro USB Token is the best approach, I suppose.
>>>>
>>>> IIUC, Yubikey products are JavaCard implementations and somehow emulate
>>>> OpenPGP card protocol by "app", and they work as CCID card reader +
>>>> OpenPGP card.
>>>>
>>>> In Nitrokey Start USB Token, there is no OpenPGP card physically, but it
>>>> is implemented by Gnuk, the software.
>>>>
>>>>
>>>>> Also how much would you trust those vendors and can the use of such
>>>>> tokens actually decrease security?
>>>>>
>>>> This is the point.
>>>>
>>>> The hardware OpenPGP card in Nitrokey Pro USB Token could be replaced by
>>>> man in the middle (or its vendor).  The hardware MCU chip in Nitrokey
>>>> Start USB Token could be replaced, too.  The software (Gnuk) in Nitrokey
>>>> Start USB Token could be replaced (with JTAG/SWD debugger), too.  Or, we
>>>> should consider possibility of backdoor of OpenPGP card.  Well, I don't
>>>> know about Yubikey.
>>>>
>>>> When it is replaced to be malicious one to enable an access by others
>>>> (to your private keys), or it already has a backdoor in the first place,
>>>> it kills the purpose of USB security token.
>>>>
>>>> Here, the question is: how can we build up such a "trust"?
>>>>
>>>> It seems for me that there are two different approaches; (1) physical
>>>> difficulty (for example, plastic molding for "protection"), (2)
>>>> reproducibility and transparency/openness.  Note that some method of
>>>> former makes latter difficult.
>>>>
>>>>
>>>> For myself, I take (2), and I did my best to make my product as
>>>> reproducible.  (Since I don't manufacture semiconductor things,
>>>> reproducibility is not 100%, and this part of manufacturing and
>>>> technology is not open at all.)  And I intentionally deliver my product
>>>> in a style of "transparent" or "open".
>>>>
>>>> Distribution channel is also difficult.  I do in person, and I ask FSF
>>>> for my TRNG.  Are there any good method?
>>>>
>>>> Obvious drawback of the apporoach (2) is that people with enough
>>>> concern/attention have tendency to do it under their control.
>>>> Reasonable.  Since it's reproducible (somehow), it's possible, by
>>>> definition.  And then, I can't sell many.
>>>>
>>>
>>> _________________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org <mailto:Gnupg-users at gnupg.org>
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20161215/6d328456/attachment.html>