[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] adding smartcard support to Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] adding smartcard support to Tor
From: Ken Keys <kenkeys@xxxxxxxxxxx>
Date: Sat, 17 Oct 2015 12:50:13 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 17 Oct 2015 15:50:37 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1445111422; bh=j4xBidDPHLhcgDSLlHJuabtac+q8OjHXsYO/iPmmjjA=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=NBqb6xdWoATYmaHJpvcOYnU2ChoPhKZUpnqHjfhz5K2rixrNQxP48qczol1TIX3r8 KQA5Ao2JOAMZc9l0SoAfri3V76sQQunp0qjxziQV8/Ye+1wgWav+RwuVjX96ZEmiQ8 ExzLKq3JlckzYpJ9Iz/cJCj0/8DipRixz6Loyx7CMsgYvL9JpPi0XqnTU4KDg+QnsO 2bDzcNfRHqNoDvX2EvcG48pDmqo6WAnZlIQAABCQYDlMVYxcwMr1+RuQ47E0PJ7ncI v+VQ8rskiCgszosKwrzaEZcr4v1Eq03eZDC/2g3sJCNnp1hGssOHAOpqakxsRBPuGy rA4HOUB8xomqQ==
In-reply-to: <5622A116.3050003@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAFnyNAdw5P53+6-YyOBfa1dmc_TMO2yCta_=4oj3ss3zR9JbuQ@xxxxxxxxxxxxxx> <5621A7CD.9070600@xxxxxxxxxx> <CAFnyNAdcY3aTHqbmdTWVGpx6N4PS8iDzKmA3GqvtJ0YWc9_-VA@xxxxxxxxxxxxxx> <5622954B.7000706@xxxxxxxxxxx> <CAFnyNAdAMGx41CmB+znVcH30OsWt3ddzsK3OdXAAEqSzoo+aFg@xxxxxxxxxxxxxx> <56229EC9.2090704@xxxxxxxxxxx> <5622A116.3050003@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 10/17/2015 12:27 PM, Ivan Markin wrote:
> Ken Keys:
>> If the tor process is going to use the key, at some point the
>> unencrypted key has to be visible to the machine running it. You would
>> in any case have to trust the machine hosting the tor node. A more
>> secure setup would be to run the tor node inside an encrypted VM and use
>> your smartcard/dongle/whatever to unlock the VM.
> The point is that one can't[*] extract a private key from a smartcard
> and because of that even if machine is compromised your private key
> stays safe.
>
>
> [*] Not so easy, but possible.
If the machine is going to use the HS key, the actual HS key has to be
visible to it. An encrypted container holding a VM could use RSA-style
public/private key encryption so that it never has to see the private
key used to unlock it. You would still need to trust the VM, but the
encrypted container would allow you to establish a chain of custody.


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin

References:
- [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin

Prev by Author: Re: [tor-dev] adding smartcard support to Tor
Next by Author: [tor-dev] Hello, I am a Tor Browser user in China. Currently, many obfs4 bridges are blocked by China's firewall.
Previous by thread: Re: [tor-dev] adding smartcard support to Tor
Next by thread: Re: [tor-dev] adding smartcard support to Tor
Index(es):
- Author
- Thread