Re: How do I make the private key on a OpenPGP smartcard non exportable ?
Il 25/06/2013 09:55, Werner Koch ha scritto: >> First: I trust more the RNG on a card than a SW one > A card based RNG is often nothing more than a PRNG with a card specific > seed. Modern cards seem to have a real hardware RNG. I'm referring to cards compatible with GlobalPlatform 2.1.1 (minimum), that is the baseline for MyPGPid applet. That should be "recent enough" to have a real RNG (if RandomData.ALG_SECURE_RANDOM is implemented). > Compared to > actual hardware RNGs they are very limited and probaly prone to errors. Shouldn't RNG be subject to the various certifications the card have to pass for CC and EAL ? > there is also no way to do extensive power up tests which all other > hardware RNGs require. Dedicated applet that only returns random data? > I consider a good OS supported RNG more reliable. Might be, but it's prone to a lot of possible attacks, too :) BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
On Tue, 25 Jun 2013 06:24, ndk.cla...@gmail.com said: > First: I trust more the RNG on a card than a SW one A card based RNG is often nothing more than a PRNG with a card specific seed. Modern cards seem to have a real hardware RNG. Compared to actual hardware RNGs they are very limited and probaly prone to errors. there is also no way to do extensive power up tests which all other hardware RNGs require. I consider a good OS supported RNG more reliable. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
Il 24/06/2013 16:01, Josef Schneider ha scritto: > Then you need a secure way to store the CA key. That is essentially > exactly the same problem! Nope. Throwaway CA! > I mean you can put it on a card and allow export of the CA key only if > the request is signed by a SuperSecureCA key... There's no need to be able to export CA key. Actually the recommended way of using it (to limit key export) is: - generate CA key on card - "sign" all the needed keys - destroy it The CA key shouldn't last for long. It's not an X.509 CA. > But how do you control the export of the SuperSecureCA key? Not needed at all. Neither SupeerSecureCA nor a key export control for its non-existant key :) > If you want a key backup, why not just create the key on a secure > offline machine, copy it to a secure location (I print mine out using > PaperBak) and then move it to the card on that secure offline machine? > Works great! First: I trust more the RNG on a card than a SW one Second: maintaining an offline machine is not cheap (at least here in Italy, you can't legally use a computer where there haven't been applied security patches for more than 6 months) Third: you have a potentially accessible copy of your key -- nothing prevents your backup from being photocopied... Sure, it's encrypted but bruteforcing it is possible, at least in theory, while the original is apparently untouched. A smartcard would require physical possession of the original for quite some time (IF you decide to keep the CA key). What I suggest is something that "replaces" (being "a bit" more versatile) an offline machine where you generate a key and store it to N cards, then zap it. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
On Mon, Jun 24, 2013 at 2:54 PM, NdK wrote: > > Il 24/06/2013 10:15, Werner Koch ha scritto: > > >> A smartcard could be useful anyway, at least as a "portable keyring" > >> (if it didn't need initialization on every machine...). > > A USB memory stick fulfills the same purpose. > Not really secure... Not any less secure than a Smartcard that allows key export! > > > > In any case it is a really complex task and not easy to get > > right - if at all. > The card hosts public key of a "export-authorizing" CA (well, it's not a > real CA, since it doesn't do certificates at all... but call it that way > for clarity). > When I send to the card an export command w/ a public key signed > encrypted by the CA's private key, the card answers with the private key > encrypted under the signed public key (thinking about requiring a > signature w/ private key of the requesting card). > Plain old RSA, layered. Then you need a secure way to store the CA key. That is essentially exactly the same problem! I mean you can put it on a card and allow export of the CA key only if the request is signed by a SuperSecureCA key... But how do you control the export of the SuperSecureCA key? If you want a key backup, why not just create the key on a secure offline machine, copy it to a secure location (I print mine out using PaperBak) and then move it to the card on that secure offline machine? Works great! Best regards, Josef ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
Il 24/06/2013 10:15, Werner Koch ha scritto: >> A smartcard could be useful anyway, at least as a "portable keyring" >> (if it didn't need initialization on every machine...). > A USB memory stick fulfills the same purpose. Not really secure... >> And key export could be controlled (like in MyPGPid card): private >> keys can only leave the card encrypted under "certified" keys. > There are several protocols for key migration from token to token. I don't want to migrate (move) it. I want to replicate (copy) it, to have one or more controlled backups. > If you want to do your own, you should be aware of possible patent > problems. I leave sw patents to others... And the system I'm going to use should have enough "prior art" to render a patent useless. > In any case it is a really complex task and not easy to get > right - if at all. The card hosts public key of a "export-authorizing" CA (well, it's not a real CA, since it doesn't do certificates at all... but call it that way for clarity). When I send to the card an export command w/ a public key signed encrypted by the CA's private key, the card answers with the private key encrypted under the signed public key (thinking about requiring a signature w/ private key of the requesting card). Plain old RSA, layered. >> BTW, for the really "paranoid", readers with an integrated pinpad are >> available: the PC never sees the PIN, so no installed sw can spoof >> it. (even if what I'd prefer is a card w/ both a pinpad and a >> display...). > Social engineering almost always work. And further, the display of > your pinpad+display equipped reader does not show you what you are > going to sign. Even further, there are several attacks on pinpad > equipped readers - sure that your reader has not been bugged? Well, a "paranoid" isn't paranoid enough unless he checks the pinpad cannot be easily read from the PC. :) I'm waiting for cards w/ integrated pinpad :) BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
On Sat, 22 Jun 2013 15:03, ndk.cla...@gmail.com said: > A smartcard could be useful anyway, at least as a "portable keyring" (if > it didn't need initialization on every machine...). A USB memory stick fulfills the same purpose. > And key export could be controlled (like in MyPGPid card): private keys > can only leave the card encrypted under "certified" keys. There are several protocols for key migration from token to token. If you want to do your own, you should be aware of possible patent problems. In any case it is a really complex task and not easy to get right - if at all. > BTW, for the really "paranoid", readers with an integrated pinpad are > available: the PC never sees the PIN, so no installed sw can spoof it. > (even if what I'd prefer is a card w/ both a pinpad and a display...). Social engineering almost always work. And further, the display of your pinpad+display equipped reader does not show you what you are going to sign. Even further, there are several attacks on pinpad equipped readers - sure that your reader has not been bugged? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
Il 22/06/2013 09:35, Heinz Diehl ha scritto: > The whole point with a smartcard is that it's a lot easier to memorize > the PIN than a long and complicated passphrase, and that the private > key can't be exported. If it can, there's no need for a smartcard. I quite disagree, here. A smartcard could be useful anyway, at least as a "portable keyring" (if it didn't need initialization on every machine...). And key export could be controlled (like in MyPGPid card): private keys can only leave the card encrypted under "certified" keys. BTW, for the really "paranoid", readers with an integrated pinpad are available: the PC never sees the PIN, so no installed sw can spoof it. (even if what I'd prefer is a card w/ both a pinpad and a display...). BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
On 20.06.2013, Henry Hertz Hobbit wrote: > Try the backup from GPA's menu. I doubt you will get anything > that can be exported. If you get a backupg.gpg (or similar), then try > importing your secret keys onto a second system with GPGWIN installed. The thing is, if there's a command to export the private keyring, you're hosed. Somebody who has access to your machine could simply install his own software. Besides: what would you do if you had discovered that somebody had gained root-access to your machine? I bet you would use your revocation certificate anyway. > Let's say your machine gets infected. Let's also suppose that a > key logger has been installed. Then, your PIN and passphrase is known to the adversary, and you're f*cked up. The whole point with a smartcard is that it's a lot easier to memorize the PIN than a long and complicated passphrase, and that the private key can't be exported. If it can, there's no need for a smartcard. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
On 06/19/2013 03:21 PM, Heinz Diehl wrote: > On 18.06.2013, NdK wrote: > >> If the key is generated on-card, you have no way to backup it. No need >> for "unexportable" flag: simply there's no command to export it. > > And if the key is generated off-card and properly moved to the > smartcard afterwards, there's no way to export it either. It's only > the stub which points to the smartcard left on disk. Is the original poster still there? I was going to write and decided it was wiser to wait for these responses which I almost knew were coming. Try the backup from GPA's menu. I doubt you will get anything that can be exported. If you get a backupg.gpg (or similar), then try importing your secret keys onto a second system with GPGWIN installed. If all that flies (you were actually able to do a --export of your private keys despite these two people's responses to the contrary and then are able to do a --import on the second system) then try these tests: 1. Make a detached signature of a file on system one (with OpenPGP card). Copy the base file and the signature file to system two and see if it verifies. 2. Sign on second, copy to first, and see if it verifies on first. IOW, reverse of previous. 3. Enciper a file using public-key of said key you supposedly was able to import on either of the system. By that I mean a public-key enciphering, not just a symmetric cipher, e.g.: http://www.securemecca.com/public/GnuPG/pcrypt.txt Copy the public-key enciphered file to the other system. Flash drive, et al. Decipher it on the other system. I don't think your tests will work. In fact I don't believe you will even get to these three tests. What is the advantage of using the OpenPGP key and having a public-key enciphered file over a symmetric enciphered file? Symmetric Enciphered: = Let's say your machine gets infected. Let's also suppose that a key logger has been installed. I can assure you that most malware today either has a mini key-logger as part of the initial install or a key-logger can be downloaded and installed. Actually, most malware will almost do it automatically. I have over 10,000 malware to back that statement up. Either the key-logger got the password to encipher the enciphered file or they saw it when you temporarily deciphered the file. So now all the hackers need are either the plain-text file or the enciphered file and to know what created the enciphered file. But even if all the hackers have are the enciphered file and the pass-phrase they are now only one step away. PeskySpammer has even installed SMTP agents on tens of thousands of Microsoft Windows machines, one of which was at RIPE, one more at ICANN, and one at Yahoo. The hackers have your file and its name alone or what is in the file header reveals what was used to create the enciphered file. Within a few minutes they will have a deciphered file. The only thing that can protect you is to NEVER encipher or decipher the file while the key-logger is there and to never have the deciphered file available. But once they have the enciphered file and know the password to decipher the file the game is over and you have lost. OpenPGP Public-Key Enciphered: == All the same things hold. Assume they know the key's pass-phrase. They can also pull down the enciphered file. But you cannot just copy the keys since an OpenPGP card doesn't have a file system. If you cannot --export the secret-keys then the hackers will never get them. FOILED! The hackers have no choice but to move on or set some sort of trigger that knows when you decipher the public-key enciphered file. The longer you let the unenciphered file hang around the more likely it is to fly the coop. So even if the hackers know the pass-phrase (assume they do) and have the public-key enciphered file, they can NOT decipher the file. Now do you see the difference between a symmetric enciphered file and a public-key enciphered file where the OpenPGP keys are on an OpenPGP card? Just don't let the unenciphered file hang around any longer than normal. Do not just delete the unenciphered file - securely erase it when you don't need it. If you need higher security use an OS which has moderately more security (Linux) or even higher security (OpenBSD) with an OpenPGP card to hold the keys. Every layer of defense you add encourabes the hackers to move on in search of an easier target. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
On 18.06.2013, NdK wrote: > If the key is generated on-card, you have no way to backup it. No need > for "unexportable" flag: simply there's no command to export it. And if the key is generated off-card and properly moved to the smartcard afterwards, there's no way to export it either. It's only the stub which points to the smartcard left on disk. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How do I make the private key on a OpenPGP smartcard non exportable ?
Il 17/06/2013 20:22, T L ha scritto: > Under GPA in windows there is a option to backup the private key from a > OpenPGP smartcard. The smartcard protocol of a standard OpenPGP card doesn't allow it. MyPGPid card will allow a controlled export. > My understanding is that one of the main purposes of > smartcard use is to prevent the private key from being exported and > force cryptographic operations through the card. Roughly speaking, yes. > Is there a method of > setting the private key non exportable that I am unaware of ? If the key is generated on-card, you have no way to backup it. No need for "unexportable" flag: simply there's no command to export it. > If not then what am I missing ? The whole point of using a smartcard? :) > How is this more secure than a password protected file ? Since the key is never available to the host, there's no way a malicious software can copy it. BYtE, Diego. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
How do I make the private key on a OpenPGP smartcard non exportable ?
Under GPA in windows there is a option to backup the private key from a OpenPGP smartcard. My understanding is that one of the main purposes of smartcard use is to prevent the private key from being exported and force cryptographic operations through the card. Is there a method of setting the private key non exportable that I am unaware of ? If not then what am I missing ? How is this more secure than a password protected file ? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users