[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] adding smartcard support to Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] adding smartcard support to Tor
From: Ivan Markin <twim@xxxxxxxxxx>
Date: Tue, 24 May 2016 18:25:54 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 24 May 2016 14:26:22 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1464114361; bh=G/PUdTTzW3f8sDqQQNXHwEwvvm7OLfzXxGQ9h6nDrvE=; h=Subject:To:References:From:Date:In-Reply-To:From; b=tIQZ/ltoQhK4WuRZKcr+p4EKajw3PnBvHlH/flAsxySDkHHCdWKh/8tWnq6p9ck/z /Lj2NQWf2K2dySTkHoAFTGikzSDJJNvx2RqD5uEaY9KKYmtAIiVqOoUi0z0ZVsq8RI d/IcOXVvolgqiob/ytx3DgkNEd30fwkUhGZvAi8I=
In-reply-to: <CAFnyNAdgXY9XJRZ2HeFpzZ6nBN2HExY0BX-xaCS4c6CozGexkg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAFnyNAdw5P53+6-YyOBfa1dmc_TMO2yCta_=4oj3ss3zR9JbuQ@xxxxxxxxxxxxxx> <5621A7CD.9070600@xxxxxxxxxx> <CAFnyNAdcY3aTHqbmdTWVGpx6N4PS8iDzKmA3GqvtJ0YWc9_-VA@xxxxxxxxxxxxxx> <5622954B.7000706@xxxxxxxxxxx> <CAFnyNAdAMGx41CmB+znVcH30OsWt3ddzsK3OdXAAEqSzoo+aFg@xxxxxxxxxxxxxx> <56229EC9.2090704@xxxxxxxxxxx> <5622A116.3050003@xxxxxxxxxx> <5622A675.4000703@xxxxxxxxxxx> <5622B250.4030503@xxxxxxxxxx> <CAFnyNAeK0zAaetcd-pLBFZ_Y68ao-tu9NJwMg9mN4jtc_z1V2w@xxxxxxxxxxxxxx> <CAD2Ti28OKNz9jU6a4aKxyzKyJCR3SyeWzRwW9Y20N+fKZZkLsg@xxxxxxxxxxxxxx> <CAD2Ti2-PmEoDBksFXwwueCeuafJ=gq29Rq9YXn+m9=QcpPQGnA@xxxxxxxxxxxxxx> <56269067.3020502@xxxxxxxxxx> <CAFnyNAdjRBFBaMrTpGDX8gR1LiqtmY0LmiirS3pRrkQumpcE5Q@xxxxxxxxxxxxxx> <5742AA6B.1070001@xxxxxxxxxx> <57436776.4030109@xxxxxxxxxx> <CAFnyNAdgXY9XJRZ2HeFpzZ6nBN2HExY0BX-xaCS4c6CozGexkg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Razvan Dragomirescu:
> Thanks Evan for the .onion links, I'll take a look. I'm still collecting
> data, testing hardware, etc. BTW, one of the cheapest options for this is
> http://www.ftsafe.com/product/epass/eJavaToken - $12 at
> http://javacardos.com/store/smartcard_eJavaToken.php . Unfortunately it has
> a bug that prevents OpenPGP from running (something to do with signature
> padding, I didn't look much into it). My plan is to write a very small
> JavaCard-based applet to load onto the card - that only does RSA key
> generation and signing, nothing else. Easy to write and easy to audit.

You can write it yourself but a working solution is already there. It's
possible to flash Java applet to almost any common jcard (they're pretty
cheap). Have a look at the nice guide by Subgraph team [1].
For the purpose of digest signing you can easily modify the applet to
have more than two signing keys (keep in mind that there are some card
limits).


[1] https://subgraph.com/sgos/documentation/smartcards/index.en.html
--
Have fun,
Ivan Markin
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Donncha Ã Cearbhaill
- Re: [tor-dev] adding smartcard support to Tor
  - From: Evan Margin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu

Prev by Author: Re: [tor-dev] [proposal] RebelAlliance: A Post-Quantum Secure Hybrid Handshake Based on NewHope
Next by Author: Re: [tor-dev] tor on GNU/Windows
Previous by thread: Re: [tor-dev] adding smartcard support to Tor
Next by thread: Re: [tor-dev] adding smartcard support to Tor
Index(es):
- Author
- Thread