Re: [opensc-devel] proving a key is on a smart card
On Thu, Jan 19, 2012 at 7:25 PM, Frank Cusack fr...@linetwo.net wrote: On Thu, Jan 19, 2012 at 2:27 AM, Viktor Tarasov viktor.tara...@gmail.comwrote: On Thu, Jan 19, 2012 at 9:52 AM, Frank Cusack fr...@linetwo.net wrote: On Wed, Jan 18, 2012 at 11:57 PM, Viktor Tarasov viktor.tara...@gmail.com wrote: On Thu, Jan 19, 2012 at 8:30 AM, Frank Cusack fr...@linetwo.netwrote: On Wed, Jan 18, 2012 at 11:04 PM, Christian Hohnstaedt christ...@hohnstaedt.de wrote: On Wed, Jan 18, 2012 at 04:20:05PM -0800, Frank Cusack wrote: In a CSR, how is it proven that the key resides on a smart card (and is not exportable)? In my understanding, the CSR is signed by the private key of the (to be) cert itself. Thus that signature only proves that the requester actually possesses the private half, not that the private key resides on a smart card. Looking at the cryptoflex command set, I don't see anything there that would add something to the CSR asserting that the key was generated on-card. Same for ISO 7816-8, but I could easily be missing something. You're probably missing the fact that noone stops the owner of a software key to add the same information to the CSR. Not if there's an APDU that adds that information as part of the operation, and the key used in that operation cannot be used except for CSR generation. If the generate/import key operations are protected by secure-messaging, then the 'ticket' will be included into the successful APDU's response. This 'ticket' can be checked by caller to be sure that key was really injected/generated by card. You're missing the point. Of course the caller can know if the key was really generated on card, but the CA cannot know that. Secure messaging can be established in asymmetric mode, using the CA certificate trusted by card. I don't think that's enough? It doesn't matter if the card trusts the CA, it's that the CA has to trust the card. Difficult to do more with the common cards. Possible solution could be organisational : - OpCA dedicated only for mutual authentication between the cards and enrollment/other entities; - OpCA certificate is not widely published and is only known by the upper actors. (like symmetric keys for symmetric SM.) ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
TPMs already have an EK (Endorsement Key) on the chip. However, the TPM guys didn't look into SM (Secure Messaging) so at least the current version (1.2) is quite crippled. Microsoft intends making TPM 2.0 a standard feature in W8 pads. Their take on secure silicon is making it a part of the CPU itself: http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-462T -- anders ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
Hi! I don't think that's enough? It doesn't matter if the card trusts the CA, it's that the CA has to trust the card. Difficult to do more with the common cards. As Andreas said, the German identity card (nPA) has this functionality (BSI TR-03110). A whole bunch of technical guidelines (TRs) describe every entity and process needed. Services that use the ID card for online authentication and identification are already available. What Andreas did not mention is that a card's key is actually shared among multiple cards for privacy reasons. This makes revocation a bit difficult. So for the nPA we will soon see chip individual keys and/or group signature schemes. Cheers, Frank. pgpTxT2N9kdXh.pgp Description: PGP signature ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
Hi Frank, you are right with the German identity card, however our approach is different: Our card (which is no nPA) stores the key required for terminal authentication, not for chip authentication. The key for terminal authentication must be certified by a DVCA, which in turn is certified by a national CVCA. So the challenge is to prove, that the key pair for terminal authentication was actually generated at the secure token in the terminal. We are just reusing the established authenticated CSR format from TR-03110 and build that into the card. The key for signing the authenticated request can only be used for this specific purpose - this is enforced internally in the card. There is no secure messaging involved, because we only need to provide integrity and authenticity of the CSR. The scheme has no need for confidentiality, as all information is public anyway (CSR and certificate written to the card). Andreas Am 20.01.2012 11:49, schrieb Frank Morgner: Hi! I don't think that's enough? It doesn't matter if the card trusts the CA, it's that the CA has to trust the card. Difficult to do more with the common cards. As Andreas said, the German identity card (nPA) has this functionality (BSI TR-03110). A whole bunch of technical guidelines (TRs) describe every entity and process needed. Services that use the ID card for online authentication and identification are already available. What Andreas did not mention is that a card's key is actually shared among multiple cards for privacy reasons. This makes revocation a bit difficult. So for the nPA we will soon see chip individual keys and/or group signature schemes. Cheers, Frank. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- -CardContact Software System Consulting |.## ##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'## ##'| Phone +49 171 8334920 -http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
Frank Cusack wrote: For example, if I had some key/cert on the card (and I know it can only exist on the card -- this might happen before it is shipped to me or in bulk secure provisioning on site) that is not able to be used for anything externally. ie, you cannot encrypt,decrypt,sign or verify any external data with this key/cert. But when you ask for a CSR, there's actually a CSR APDU -- not a software generation of CSR then asking the card to sign the CSR. You pass the relevant attributes to be included in the CSR, and the card itself adds some signed data as a CSR attribute which the CA can verify. There is no way for the user to add that signed data to a software CSR because the key used to sign that data is not available to the user. That's just a way I thought of, maybe there is some other way as well. The current (but under revision) Swedish eID card includes a scheme like this. The card is delivered with a special key+cert which is meant to authenticate the card when it is enrolling. So far for the theory. In practise I've seen zero software solutions use this key+cert. I guess there may be one at the police (they issue passports and this card) but.. It seems it would be a good advantage to be able to do this, you could provision on demand at an insecure station, instead of (e.g.) having a secure station and provisioning with a single-use PIN. OTOH you need special cards and special software on the insecure station. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
On Wed, Jan 18, 2012 at 11:30:36PM -0800, Frank Cusack wrote: On Wed, Jan 18, 2012 at 11:04 PM, Christian Hohnstaedt christ...@hohnstaedt.de wrote: On Wed, Jan 18, 2012 at 04:20:05PM -0800, Frank Cusack wrote: In a CSR, how is it proven that the key resides on a smart card (and is not exportable)? In my understanding, the CSR is signed by the private key of the (to be) cert itself. Thus that signature only proves that the requester actually possesses the private half, not that the private key resides on a smart card. Looking at the cryptoflex command set, I don't see anything there that would add something to the CSR asserting that the key was generated on-card. Same for ISO 7816-8, but I could easily be missing something. You're probably missing the fact that noone stops the owner of a software key to add the same information to the CSR. Not if there's an APDU that adds that information as part of the operation, and the key used in that operation cannot be used except for CSR generation. For example, if I had some key/cert on the card (and I know it can only exist on the card -- this might happen before it is shipped to me or in bulk secure provisioning on site) The problem is, that nobody can distinguish the public key of a smart card from a software key. That means, there must be a secret on the card that is known by the CA. Therefore the CA operator needs prior access to the cards. If the CA operator has prior access to the cards, a simple solution could be to extract the public key and probably store it in a hashed way in some sort of database. For every incoming CSR the CA searches for the public key hash in its database. No additional APDU or secret required. that is not able to be used for anything externally. ie, you cannot encrypt,decrypt,sign or verify any external data with this key/cert. But when you ask for a CSR, there's actually a CSR APDU -- not a software generation of CSR then asking the card to sign the CSR. You pass the relevant attributes to be included in the CSR, and the card itself adds some signed data as a CSR attribute which the CA can The question is: What shall the the signed data be ? verify. There is no way for the user to add that signed data to a software CSR because the key used to sign that data is not available to the user. That is what i doubt. Anything that can be signed by the card can be signed by a software key, too. Cheers Christian ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
Seriously, please trim replies. Christian Hohnstaedt wrote: Anything that can be signed by the card can be signed by a software key, too. Yes of course. But the point is that the card can come with the special key pre-installed. //Peter ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
Il 19/01/2012 09:16, Peter Stuge ha scritto: Christian Hohnstaedt wrote: Anything that can be signed by the card can be signed by a software key, too. Yes of course. But the point is that the card can come with the special key pre-installed. I see at least two ways here: 1) the 'technical' way: have a card that, when issued (= before being given to the user), already contains a cert for a key generated on-card. When the user requests a new cert, the old (referencing the same private key) must be included as a proof (actually, the 'public key' part could be taken from this cert, simplifying CSR that could even be a simple web form for the other infos). 2) the 'legal' way (might not be applicable everywhere): when the user submits a CSR, (s)he must swear that the key have been generated on-card and is not extractable It's the usual chicken-and-egg problem. :) PS: a doubt just popped in my mind: can I store multiple certs for the same private key? How? BYtE, Diego. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
Dear Frank, we have such a card. Take a look at [1]. The card internally generates a key pair and a CSR as defined in TR-03110 (that is the standard for biometric passports, in particular Extended Access Control). Such an authenticated request contains two signatures: the inner signature is the proof-of-correspondence (I own the private and public key) and the outer signature provides proof-of-origin (the key was generated in an authentic device). Each card contains a device authentication key that gets certified during production. A CA receiving a certificate request must 1. first verify the device authentication certificate read from the card, 2. then verify the outer signature with the public key obtained from the device authentication certificate, 3. then verify the inner signature to prove that the sender actually owns the private key and 4. finally issue a certificate for the public key contained. The scheme is specifically used for remote certificate issuance, where you can not rely on a secure communication channel between the CA and the token. Andreas [1] http://www.cardcontact.de/products/SmartCard-HSM_V1.0.pdf Am 19.01.2012 01:20, schrieb Frank Cusack: In a CSR, how is it proven that the key resides on a smart card (and is not exportable)? In my understanding, the CSR is signed by the private key of the (to be) cert itself. Thus that signature only proves that the requester actually possesses the private half, not that the private key resides on a smart card. Looking at the cryptoflex command set, I don't see anything there that would add something to the CSR asserting that the key was generated on-card. Same for ISO 7816-8, but I could easily be missing something. Are there card specific APDUs that add some proof? If so, any pointers to what cards can do this? Or is the typical method basically to require use of a secure enrollment station? ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel -- -CardContact Software System Consulting |.## ##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'## ##'| Phone +49 171 8334920 -http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
On 2012-01-19 09:38, NdK wrote: Il 19/01/2012 09:16, Peter Stuge ha scritto: Christian Hohnstaedt wrote: Anything that can be signed by the card can be signed by a software key, too. Yes of course. But the point is that the card can come with the special key pre-installed. I see at least two ways here: 1) the 'technical' way: have a card that, when issued (= before being given to the user), already contains a cert for a key generated on-card. When the user requests a new cert, the old (referencing the same private key) must be included as a proof (actually, the 'public key' part could be taken from this cert, simplifying CSR that could even be a simple web form for the other infos). 2) the 'legal' way (might not be applicable everywhere): when the user submits a CSR, (s)he must swear that the key have been generated on-card and is not extractable It's the usual chicken-and-egg problem. :) This is since long solved problem. It is an intrinsic part of GlobalPlatform where you don't really use CSR's and PoP's but a session-key to secure that you are really talking to the card. On http://webpki.org/auth-token-4-the-cloud.html you can find a lot of material on a system that takes this concept to a new level by making the entire provisioning session a transaction. I hope to present it on FOSDEM but I haven't heard from Martin yet... -- Anders PS: a doubt just popped in my mind: can I store multiple certs for the same private key? How? BYtE, Diego. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
On Thu, Jan 19, 2012 at 12:38 AM, NdK ndk.cla...@gmail.com wrote: Il 19/01/2012 09:16, Peter Stuge ha scritto: Christian Hohnstaedt wrote: Anything that can be signed by the card can be signed by a software key, too. Yes of course. But the point is that the card can come with the special key pre-installed. I see at least two ways here: 1) the 'technical' way: have a card that, when issued (= before being given to the user), already contains a cert for a key generated on-card. When the user requests a new cert, the old (referencing the same private key) must be included as a proof (actually, the 'public key' part could be taken from this cert, simplifying CSR that could even be a simple web form for the other infos). Thanks. I independently just thought of this and seeing your response validates my thought. This method seems much easier than my convoluted approach, but I like even more the method suggested by Christian: the CA just knows the public keys in advance. It's also nice (for both methods: public key or cert exchange) that the user doesn't have to sit there waiting for key generation. On Thu, Jan 19, 2012 at 12:03 AM, Christian Hohnstaedt christ...@hohnstaedt.de wrote: On Wed, Jan 18, 2012 at 11:30:36PM -0800, Frank Cusack wrote: verify. There is no way for the user to add that signed data to a software CSR because the key used to sign that data is not available to the user. That is what i doubt. Anything that can be signed by the card can be signed by a software key, too. Not if the operation requires that the card add the data, and the key used won't sign raw input data. For example, consider a CA. It doesn't just sign what you pass to it. It adds some locally generated attributes (most importantly a serial number, which can't be user influenced) and signs that. A software key can do all that, of course, but in my proposal we have to already know that the signing (attestation?) key is card generated and resident. My point was that this attestation key is not personalized to the user and can be provisioned in bulk. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
On Thu, Jan 19, 2012 at 1:10 AM, Anders Rundgren anders.rundg...@telia.comwrote: This is since long solved problem. It is an intrinsic part of GlobalPlatform where you don't really use CSR's and PoP's but a session-key to secure that you are really talking to the card. On http://webpki.org/auth-token-4-the-cloud.html you can find a lot of material on a system that takes this concept to a new level by making the entire provisioning session a transaction. I hope to present it on FOSDEM but I haven't heard from Martin yet... Cool. Intel has a similar process for their (non-GP I think) devices. Even generically, could SM be used for this? (Or is that in fact what you are referring to?) It means the CA, not the user, is interacting with the card, which might even be a good thing. Someone emailed me privately mentioning SM but I told him he was incorrect since the CA wasn't part of the SM session. Maybe that's what he meant. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
On 2012-01-19 10:16, Frank Cusack wrote: On Thu, Jan 19, 2012 at 1:10 AM, Anders Rundgren anders.rundg...@telia.com mailto:anders.rundg...@telia.com wrote: This is since long solved problem. It is an intrinsic part of GlobalPlatform where you don't really use CSR's and PoP's but a session-key to secure that you are really talking to the card. On http://webpki.org/auth-token-4-the-cloud.html you can find a lot of material on a system that takes this concept to a new level by making the entire provisioning session a transaction. I hope to present it on FOSDEM but I haven't heard from Martin yet... Cool. Intel has a similar process for their (non-GP I think) devices. Even generically, could SM be used for this? (Or is that in fact what you are referring to?) It means the CA, not the user, is interacting with the card, which might even be a good thing. Indeed I was referring to SM. The big thing is really how the session key is created. Most cards use static symmetric keys but this is a bad solution; SKS uses a combination of ephemeral ECDH keys and a separate attesting card PKI for this purpose. -- Anders Someone emailed me privately mentioning SM but I told him he was incorrect since the CA wasn't part of the SM session. Maybe that's what he meant. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] proving a key is on a smart card
In a CSR, how is it proven that the key resides on a smart card (and is not exportable)? In my understanding, the CSR is signed by the private key of the (to be) cert itself. Thus that signature only proves that the requester actually possesses the private half, not that the private key resides on a smart card. Looking at the cryptoflex command set, I don't see anything there that would add something to the CSR asserting that the key was generated on-card. Same for ISO 7816-8, but I could easily be missing something. Are there card specific APDUs that add some proof? If so, any pointers to what cards can do this? Or is the typical method basically to require use of a secure enrollment station? ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
On Wed, Jan 18, 2012 at 04:20:05PM -0800, Frank Cusack wrote: In a CSR, how is it proven that the key resides on a smart card (and is not exportable)? In my understanding, the CSR is signed by the private key of the (to be) cert itself. Thus that signature only proves that the requester actually possesses the private half, not that the private key resides on a smart card. Looking at the cryptoflex command set, I don't see anything there that would add something to the CSR asserting that the key was generated on-card. Same for ISO 7816-8, but I could easily be missing something. You're probably missing the fact that noone stops the owner of a software key to add the same information to the CSR. Cheers Christian ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] proving a key is on a smart card
On Wed, Jan 18, 2012 at 11:04 PM, Christian Hohnstaedt christ...@hohnstaedt.de wrote: On Wed, Jan 18, 2012 at 04:20:05PM -0800, Frank Cusack wrote: In a CSR, how is it proven that the key resides on a smart card (and is not exportable)? In my understanding, the CSR is signed by the private key of the (to be) cert itself. Thus that signature only proves that the requester actually possesses the private half, not that the private key resides on a smart card. Looking at the cryptoflex command set, I don't see anything there that would add something to the CSR asserting that the key was generated on-card. Same for ISO 7816-8, but I could easily be missing something. You're probably missing the fact that noone stops the owner of a software key to add the same information to the CSR. Not if there's an APDU that adds that information as part of the operation, and the key used in that operation cannot be used except for CSR generation. For example, if I had some key/cert on the card (and I know it can only exist on the card -- this might happen before it is shipped to me or in bulk secure provisioning on site) that is not able to be used for anything externally. ie, you cannot encrypt,decrypt,sign or verify any external data with this key/cert. But when you ask for a CSR, there's actually a CSR APDU -- not a software generation of CSR then asking the card to sign the CSR. You pass the relevant attributes to be included in the CSR, and the card itself adds some signed data as a CSR attribute which the CA can verify. There is no way for the user to add that signed data to a software CSR because the key used to sign that data is not available to the user. That's just a way I thought of, maybe there is some other way as well. It seems it would be a good advantage to be able to do this, you could provision on demand at an insecure station, instead of (e.g.) having a secure station and provisioning with a single-use PIN. Could this be implemented independently (without direct card manufacturer support) on a javacard? I don't see why not. But I was hoping to learn that some card out there already can do this, or that someone has thought of it before. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel