gnupg 'signing server'? Looking for advice on key management/security
Jacob Bachmeyer
jcb62281 at gmail.com
Tue Nov 14 05:23:16 CET 2023
Daniel Cerqueira wrote:
> Jacob Bachmeyer <jcb62281 at gmail.com> writes:
>
>
>> The problem here is that, while the key never leaves the smartcard,
>> the /entire/ device that accesses the smartcard must be trusted, as a
>> backdoor on the device could steal plaintext or submit extra items for
>> signing. A PIN does not solve the problem, since the PIN is entered
>> on the device, which could be backdoored to store the PIN and submit
>> it along with Mallory's messages for the smartcard to sign---and the
>> card will sign it, since the PIN checks out...
>>
>> Smartcards make silently duplicating the key difficult (supposedly
>> infeasible) but do not solve the general problems with
>> network-connected devices.
>>
>
> If you don't trust pinentry, maybe you should also not trust gnupg. They
> are from the same project (gnupg.org).
>
> I believe is best for you not to use gnupg and pinentry, until you
> review it.
My point is that smartcards do not magically increase security beyond
the private key wrapping encryption built in to GPG, and provide little
actual security benefit unless less-common steps (such as using a card
reader with its own PIN pad) are taken. (The convenience of being able
to simply move the card between devices may be useful for some users.)
The issue here is not GPG or its associated pinentry program or any
question of their integrity. The issue is the possibility of the
computer being tampered while I am away from it, or potentially, via the
network, right under my nose. (Consider the overall security of the
typical Android device.) So far, smartcards do not seem to provide any
better protection in this case than GPG's own security features. Such
tampering would enable the theft of the GPG key passphrase or card PIN
in either case. In other words, the same attacks that can effectively
break GPG's built in security also effectively break a smartcard by
enabling the unauthorized use of the key on the card.
That is ignoring the additional risk that few if any smartcards use Free
firmware, and are, by design, nearly impossible to verify. A secret
backdoor on the smartcard cannot be categorically ruled out, although
such a violation of trust would be expected to effectively remove the
card's manufacturer from the market should it come to light.
-- Jacob
More information about the Gnupg-users
mailing list