gnupg 'signing server'? Looking for advice on key management/security

Jacob Bachmeyer jcb62281 at
Wed Nov 15 03:52:07 CET 2023

Henning Follmann wrote:
> On Mon, Nov 13, 2023 at 10:23:16PM -0600, Jacob Bachmeyer via Gnupg-users wrote:
>> Daniel Cerqueira wrote:
>>> Jacob Bachmeyer <jcb62281 at> writes:
> [...]
> Yes it does. The key can't be copied and taken away from the device. This
> is an advantage.

It is an advantage that is not relevant to network-connected 
general-purpose computing devices.

In both cases, the key is secure when not in use.  An encrypted private 
key is useless without the passphrase and a card is useless without the 
PIN.  In both cases the key can be further secured by physical 
isolation, storing the encrypted key on removable media or keeping the 
card out of the reader when not in use.  In both cases a "smash and 
grab" attack yields nothing of value, either an encrypted key or nothing 
at all (smartcard or removable media).  That means an intelligent 
attacker will attempt to place persistent malware to backdoor the 
device.  While the theft of both encrypted key and passphrase enables 
Mallory to forge signatures at his leisure, persistent malware could 
just as easily submit Mallory's messages to the smartcard for signing 
after locally stealing the PIN and simply waiting for the unsuspecting 
user to insert the card (or bring the token into NFC range... how many 
people would put phone and token into the same pocket without a second 

Once the conditions necessary for an attacker to break GPG's built-in 
private key security are met, the use of a smartcard is merely an 
inconvenience to an attacker.  In both cases, the attacker must wait for 
the key to be unlocked to produce a legitimate signature and can then, 
having stolen the authentication token (passphrase or PIN) used to 
unlock the key, produce additional (illegitimate) signatures.  The 
smartcard adds the minor inconvenience of having to wait for the user to 
insert the card, but this does not actually raise the bar for a 
successful attack, which is the forging of at least one signature, after 
which the key must be revoked.

Note that assuring the integrity of the device at all times that the 
card is connected generalizes to "at all times the key is used" for the 
GPG built-in security case.  (If the integrity of the device is assured, 
then there can be no malware waiting to steal the passphrase and store 
it for later.)  If this condition is met, no attack can succeed in 
either case.  If this condition is not met, Mallory will eventually be 
able to forge a signature.  Therefore, smartcards do not actually 
provide additional security in the typical PGP usage.

Where smartcards are useful is in protocols that require an untrusted or 
marginally trusted device that does not belong to the user to be able to 
produce a signature with the user's key for a short period of time but 
not afterwards.  Modern payment card systems supposedly are an example 
of this, but the EMV protocol has several less-secure legacy modes that 
may or may not still be in use.  (I do not know if the magstripe 
emulation mode has actually been phased out, for example.)

>> [...]
>> That is ignoring the additional risk that few if any smartcards use Free
>> firmware, and are, by design, nearly impossible to verify.  A secret
>> backdoor on the smartcard cannot be categorically ruled out, although such a
>> violation of trust would be expected to effectively remove the card's
>> manufacturer from the market should it come to light.
> nitrokey publishes its card firmware and it can be updated and
> independently audited.
> There is also the OpenPGP card. IIRC the firmware is also available.
> Yubikey does not publish the key firmware but they have an independent
> auditing process in place IIRC.

Those are improvements in the field since I had last checked, although 
those are still two suppliers out of an entire industry.  Thank you for 
that information.

-- Jacob
