[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] adding smartcard support to Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] adding smartcard support to Tor
From: Razvan Dragomirescu <razvan.dragomirescu@xxxxxxx>
Date: Sun, 18 Oct 2015 00:46:29 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 17 Oct 2015 17:46:42 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=veri_fi.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=QpvMp04KPyR0Gc1ySL4OcIY9HUxegGbG28DbmQgdgLk=; b=0iRI+LRFgINoilCwMDYIkN5W+fKtYBywXsVrosT3Tk3S70SbqO7WAcwUuKTA4SVAtA opRvk6+lT7hXA9Vwtyv7vTBp1TCJUQohLNQMFfLcODCib08HOIGSe+pBEPghMewan8nF Kqr6k8Fs0G8PnYU24eaxK7Levw9M2I+In9HVJjjCDX+ZbtEtbylj6svNXX2Pl5m+5wP5 E/B4oYyDBkTYM3+HW6viCfdl1GWwCMZJOg0GVRBJ5MykBgWLiIDBxD5mpz0moFQzrl/t wNx5YO0MJDDjI7Ra+LoVE4jPa8g73RpQlN14YAe6MV6K+TpVuGGTorYUDLZt2GaOuwE9 W4FA==
In-reply-to: <5622B250.4030503@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAFnyNAdw5P53+6-YyOBfa1dmc_TMO2yCta_=4oj3ss3zR9JbuQ@xxxxxxxxxxxxxx> <5621A7CD.9070600@xxxxxxxxxx> <CAFnyNAdcY3aTHqbmdTWVGpx6N4PS8iDzKmA3GqvtJ0YWc9_-VA@xxxxxxxxxxxxxx> <5622954B.7000706@xxxxxxxxxxx> <CAFnyNAdAMGx41CmB+znVcH30OsWt3ddzsK3OdXAAEqSzoo+aFg@xxxxxxxxxxxxxx> <56229EC9.2090704@xxxxxxxxxxx> <5622A116.3050003@xxxxxxxxxx> <5622A675.4000703@xxxxxxxxxxx> <5622B250.4030503@xxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Exactly, you ask the smartcard to decrypt your traffic (and sign data if needed), it never tells you the key, it's a blackbox - it gets plaintext input and gives you encrypted (or signed) output, without ever revealing the key it's used. It can also generate the key internally (actually a keypair, it stores the private key in secure memory (protected from software _and_ hardware attacks)) and gives you the public key so that you can publish it.

Remember, smartcards are not just storage, they are tamper resistant embedded computers. Very limited computers, true, but very good at keeping secret keys secret, both from a software attack and from a hardware (drop the card in acid, use a logic analyzer kind of) attack.

Razvan

--

Razvan Dragomirescu

Chief Technology Officer

Cayenne Graphics SRL

On Sat, Oct 17, 2015 at 11:40 PM, Ivan Markin <twim@xxxxxxxxxx> wrote:

Ken Keys:
>> > The point is that one can't[*] extract a private key from a smartcard
>> > and because of that even if machine is compromised your private key
>> > stays safe.
> If the machine is going to use the HS key, the actual HS key has to be
> visible to it.

Nope. If the machine is going to use the HS key it can ask a smartcard
to do so. Of course private key is visible to something/someone anyway.
But in case of smartcards it is visible to a smartcard only.

> An encrypted container holding a VM could use RSA-style
> public/private key encryption so that it never has to see the private
> key used to unlock it. You would still need to trust the VM, but the
> encrypted container would allow you to establish a chain of custody.

It's OK to unlock some encrypted block device/VM with some 'unpluggable'
key. But it does nothing to protect your HS' identity.

--
Ivan Markin
/"\
\ /Â Â Â ÂASCII Ribbon Campaign
ÂXÂ Â against HTML email & Microsoft
/ \Â attachments! http://arc.pasp.de/

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] adding smartcard support to Tor
  - From: grarpamp

References:
- [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin

Prev by Author: Re: [tor-dev] adding smartcard support to Tor
Next by Author: Re: [tor-dev] adding smartcard support to Tor
Previous by thread: Re: [tor-dev] adding smartcard support to Tor
Next by thread: Re: [tor-dev] adding smartcard support to Tor
Index(es):
- Author
- Thread