Tamper Resistance of SmartCards -- NitroKey Pro/ KernelConcepts

flapflap flapflap at riseup.net
Fri Jun 24 13:51:49 CEST 2016


Andreas Fenkart:
> I'm comparing NitroKey Pro and KernelConcepts OpenPGP card.
> https://shop.nitrokey.com/shop/product/nitrokey-pro-3
> http://shop.kernelconcepts.de/#openpgp
> I'm only interested in creating signatures for FW releases. What
> confuses me is the claim made by NitroKey that it is "tamper
> resistant". I guess kernelconcepts card being a BasicCard[1] should be
> "tamper resistant" as well.

I think you are a bit mistaken:
In the Nitrokey Pro, the STM32 processor is not doing any crypto.
Indeed, the STM32 has no hardware protection at all for such purpose.
The processor is used to implement the smartcard /reader/ protocol (and
a few other functions) and itself forwards all crypto tasks to an
on-board OpenPGP smartcard (can be exchanged via slot).
As far as I know, there are no known side channels or (easy) attacks to
the OpenPGP smartcard.
As a normal user you almost have no way to find implementation details
for smartcards because they are all protected by patents and NDAs (it
would not be possible to make the design free). It is not (at least it
should not be) possible to extract secret keys from a smartcard: you
send your plain text to the reader, to the card, and get back the cipher
text (or vice versa).

The Nitrokey people had to decide to do the crypto on the STM32 where
they can influence the PCB layout but not the processor (with known
attacks) itself, or to do it on an OpenPGP smartcard and have to trust
the manufacturer. Since the Nitrokey software and hardware design is
free (as in freedom), you can at least inspect these bits (e.g. you can
look at the layout using the free software KiCad) and modify the
firmware run on the STM32 (maybe you want to add some other additional
function that is not security critical).

If you only buy a smartcard, you still have to trust the smartcard
reader you use then because it can read/copy/modify/transmit via HF all
communication and, dependent on your level of paranoia, you also have to
carry the reader always with you. Since you need to trust both the
reader and the smartcard, Nitrokey put both in the same package and
labeled it Nitrokey Pro so you can carry it around.


More information about the Gnupg-users mailing list