Razvan Dragomirescu: > Hello again, > > I wanted to revisit this subject and actually start writing some code, but > it looks like Ivan Markin's GitHub account is gone, together with all the > code there. Ivan, are your modifications to OnionBalance still available > anywhere? > > Thank you, > Razvan > Hi Razvan, I'm the author of OnionBalance, I'm glad to hear that your interested in implementing smartcard support. It's something that I've wanted to implement but I haven't got around to it yet. Unfortunately I don't have a local copy of Ivan's branch. However his code was integrating with a smartcard at a very low level by sending AT commands manually. I don't think that is the best approach for compatibility. I think a better way would be to interface with the tokens via the PKCS#11 protocol. The majority of smartcards and HSMs implement this standard and there are compatible implementations available for most operating systems. The Python pykcs11 module should be a helpful start [1]. I'm imagining a config file option where a user can specify a service key as either a file path or a PKCS#11 URI [2]. A few months ago I researched which common smartcards are compatible with the 1024 bit RSA private keys. It looks like some low cost options such as the Yubikey 4 now only support 2048 bit and longer keys. It would be great if someone can find out which hardware we can use with 102 bit hidden service keys! Let me know if you have any questions. I'm happy to help you implement this and get it merged. Regards, Donncha [1] https://pypi.python.org/pypi/pykcs11 [2] https://tools.ietf.org/html/rfc7512
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev