[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] adding smartcard support to Tor
This may be not quite what you want, but the Estonia E-resident card
supports basic crypto with the private key on the smart card---i.e.,
you have to physically have the card to be able to read the encrypted
mail.
There are probably more elegant solutions than plugging into the
Estonia E-resident framework, but you'll get press for using the
E-resident card---the Estonians always get happy when someone uses
their card for something novel. Which might be a perk.
Note: I believe that, theoretically, yes, the Estonian government
could jot down your private key before it goes onto the card. But
they are economically disincentivized from doing that.
-V
On Wed, Oct 14, 2015 at 4:08 AM, Razvan Dragomirescu
<razvan.dragomirescu@xxxxxxx> wrote:
> Hello,
>
> I am not sure if this has been discussed before or how hard it would be to
> implement, but I'm looking for a way to integrate a smartcard with Tor -
> essentially, I want to be able to host hidden service keys on the card. I'm
> trying to bind the hidden service to a hardware component (the smartcard) so
> that it can be securely hosted in a hostile environment as well as
> impossible to clone/move without physical access to the smartcard.
>
> I have Tor running on the USBArmory by InversePath (
> http://inversepath.com/usbarmory.html ) and have a microSD form factor card
> made by Swissbit (
> www.swissbit.com/products/security-products/overwiev/security-products-overview/
> ) up and running on it. I am a JavaCard developer myself and I have
> developed embedded Linux firmwares before but I have never touched the Tor
> source.
>
> Is there anyone that is willing to take on a side project doing this? Would
> it be just a matter of configuring OpenSSL to use the card (I haven't tried
> that yet)?
>
> Thank you,
> Razvan
>
> --
> Razvan Dragomirescu
> Chief Technology Officer
> Cayenne Graphics SRL
>
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev