Il 22/12/2013 04:13, adrelanos ha scritto: > Or in other words, is it possible to store an already encrypted > (password protected) gpg private keys on a smartcard? So the smartcard > never gets to see the plain key? That would be really useless: smartcardneeds the key to *do* crypto ops! It's not a limited USB stick! Since the smartcard is a really controlled execution environment, "we" can say it's a "trusted environment".
> I've learned the hard way (by buying the equipment even with external > PIN pad), that when "keytocard" has been used, that only the PIN has to > be entered. No password. Unfortunately. Luckily. Smartcards are used to avoid exposing key material to an untrusted environment, like a PC. > The smartcard has been bought by me to improve security. Not to > substitute one security mechanism with another. I believe gpg's software > encryption is more trustworthy than a card I got by snail mail. I > haven't heard that any cards have been compromised yet, but how do I > know if I really received an original (untampered) card in the first place. You have to trust the supplier. If you ordered 'em in significant quantities, you could ask to have 'em with special keys so that every step can be checked. Or. more easily, you can buy blank java cards from diffetent manufacturers, then compile an upload your carefully checked applet. > In my opinion both attempts, password protection and smartcards, on > security are worthwhile. When using smartcards I am trusting hardware, a > small group of card designers, producers, post office... And when using > gpg's software key encryption, I am trusting the software producers and > the programmers actually looking at the code. You can do many checks yourself: there are various OpenPGP Java implementations around. > The idea was to take my chances. If smartcards work, that's great. The > key can be abused when a malware infection happened, but at least the > key can not be extracted. On the other hand, if I loose my smartcard and > smartcards don't do what they promise (i.e. someone ever comes up with > some exploit to extract the key), I fall back to gpg's software key > encryption. And how do you think the card could perform crypto ops on encrypted keys? If you lose your card, it could be way easier to revoke the keys on card. And that's why many people keep their master key offline, using cards/tokens just to safely transport their keys. > I am ignorant about the technical details. Maybe there is a technical > reason why it's not worthwhile to combine these things? Or are > smartcards just too limited at this stage of development to support that? No. It's simply impossible to do what you're asking. Unless you replace the secret key with a *masked* version, leaving the unmasking key on the PC, encrypted by PGP. But that would prevent checking on-card various possible attacks, actually weakening the whole system. BYtE, Diego. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
