[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] adding smartcard support to Tor



Ken Keys:
> If the tor process is going to use the key, at some point the
> unencrypted key has to be visible to the machine running it. You would
> in any case have to trust the machine hosting the tor node. A more
> secure setup would be to run the tor node inside an encrypted VM and use
> your smartcard/dongle/whatever to unlock the VM.

The point is that one can't[*] extract a private key from a smartcard
and because of that even if machine is compromised your private key
stays safe.


[*] Not so easy, but possible.
-- 
Ivan Markin
/"\
\ /       ASCII Ribbon Campaign
 X    against HTML email & Microsoft
/ \  attachments! http://arc.pasp.de/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev