Smartcards and tokens
dgouttegattat at incenp.org
Thu Dec 15 22:17:48 CET 2016
On 12/15/2016 08:35 PM, sivmu wrote:
> From what I understand, a malicious token can e.g. perform encryption
> operations with weak randomness to create some kind of backdoor that is
> hard to detect.
The token is normally not used to perform any *encryption*. You encrypt
with the public key of your correspondant, which is stored on your
computer, not on your token (there's no need to protect it since it is a
*public* key). You use your token to *decrypt* messages that were sent
to you--and at that time, even if the token is malicious there's nothing
it can do to mess with the encryption.
What a malicious (or faulty) token *could* do is generate a weak key,
that your opponent could break once and for all and then use to decrypt
all messages sent to you. Smartcards generating weak keys have already
been observed in the wild . If you worry about that, simply generate
your keys on a computer you trust, then load them onto the token,
without ever using the token's own random number generator.
> Maybe there is also a way to secretly send the secret
> keys loaded onto the smartcard/token to the adversary using the PC and
> network it is used on.
I'll admit readily that I am not an expert on this, but I don't see how
that could be feasible without the help of the host PC--meaning your
opponent would have to both (1) compromise your PC and (2) send you a
malicious token. But if he could compromise your PC, he would have no
need for a malicious token.
I guess your attacker could use a USB token as the mean to compromise
your PC (names like "Bad USB" come to mind), but if you worry about such
attacks, you should be wary of *any* USB device you buy (keyboards,
mice, mass storage sticks... or even desktop missile launchers), not
only cryptographic devices.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users