On Tue, Jan 07, 2020 at 00:26:14 +0100, Christoph Groth wrote:
> Through an article [1] in LWN, I stumbled across a thread [2] on this
> list that dealt with the usefulness of smartcards for storing
> OpenPGP keys.

I don't have time to read what I already wrote in that thread, so I'm sorry if I repeated myself here.

> I understand that OpenPGP smartcards do not protect from a compromise
> of the computer system that they are used with. As Peter Lebbing puts
> it [3]:
>
>> You don't even have to decrypt the document they're interested in
>> yourself, and no external push button will save you. Just decrypt
>> a document twice, and the second time, the attacker can use your
>> smartcard for their own good while providing the session key they
>> logged the first time for your decryption.
>
> But then, what are threats against which smartcards *are* useful?

That's too coarse of a conclusion.

Let's say I decided to plug my Nitrokey into some adversary's computer, willingly, and enter my PIN. The attacker can make use of the card while it's plugged in. But operations using the card are very slow, and I'll notice the light going on more than once. I'll unplug it. Attack mitigated. The only thing lost is whatever the attacker managed to do within that time period---decrypt files, sign documents, SSH into remote machines, etc. (Don't get me wrong: all those are really bad.) Then I go to a safe location and change my PIN.

Or maybe I'm punched out and my smartcard stolen. I go home, revoke my subkeys, and have to pay for a new smartcard. And let some people know that I was beat up and you shouldn't trust anything that was signed in that time period.

But consider the alternative: if you weren't using a smartcard, and your key were on disk, all of that still would have happened. But in addition, your private key has been compromised. You now have to revoke your entire key. If you've built a web of trust, you have to start again.

Smart cards _are_ useful even if your system is compromised, because they still protect your key from offline use. It gives me peace of mind when it's capped and stored in a safe location.

If you just leave your smart card plugged into your computer 24/7 and leave your computer on while you're sleeping, that's a problem. It won't protect you from bad practices.

You can get some of those benefits by e.g. using a laptop as a thin client and forwarding the GPG agent to a remote box over SSH, and storing the private key on the laptop. The risk is still higher than a smartcard though.

It all depends on your threat model.

> I got a smartcard to ssh from computers that I trust reasonably but
> where I am not (the only) root to other (more trusted) machines that
> I control exclusively and that hold data that I would not store on the
> less-trusted machines. From a fundamental point of view a smartcard
> does not provide any additional security here, but I have the
> impression that in practice it does, because gaining access to the
> remote machines becomes more difficult for an attacker (without
> a smartcard, installing a simple keylogger is enough). This is the same
> kind of imperfect security we rely on in real life, for example with
> door locks. Would you agree with me?

I use my Nitrokey for SSH as well. Prior to having it, I would store an SSH key to personal accounts on e.g. my work computer. I cannot fully trust that system. But today I don't need to do that: I insert the Nitrokey only when prompted by GPG, immediately remove it, and change my PIN when I get home.

While there's still the risk that the card may be used for other things by a malicious process, it's pretty well mitigated. I know how long the light on the smartcard should be on for and watch it the entire time. I never allow the card to be out of my view when connected to a system.

Of course, there's also the risk that someone has physically tampered with the smartcard to suppress the LED under certain circumstances. This isn't foolproof. But it's better than SSH keys on my work system.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users