Re: Smartcards and tokens

2016-12-20 Thread sivmu
Am 18.12.2016 um 10:49 schrieb Peter Lebbing: > On 18/12/16 01:56, Robert J. Hansen wrote: >> Nope. OpenPGP requires each RSA encryption add at least eight random >> bytes to the data pre-encryption in order to make even identical >> messages encrypt to different ciphertexts. > > However, this

Re: Smartcards and tokens

2016-12-18 Thread Peter Lebbing
On 18/12/16 01:56, Robert J. Hansen wrote: > Nope. OpenPGP requires each RSA encryption add at least eight random > bytes to the data pre-encryption in order to make even identical > messages encrypt to different ciphertexts. However, this randomness is added by the host, not by the smartcard.

Re: Smartcards and tokens

2016-12-17 Thread sivmu
Am 18.12.2016 um 01:30 schrieb Andrew Gallagher: > >> On 18 Dec 2016, at 00:17, sivmu wrote: >> >> ... that this means RSA encrzption is reproducable, meaning encrypted >> files of the same plaintext result in the same ciphertext, as this woul >> make the process reproduceable

Re: Smartcards and tokens

2016-12-17 Thread Robert J. Hansen
>> The smartcard itself only RSA-decrypts the session key (or hash), >> and this doesn't require an RNG. > > ... that this means RSA encrzption is reproducable, meaning > encrypted files of the same plaintext result in the same ciphertext, > as this woul make the process reproduceable and any

Re: Smartcards and tokens

2016-12-17 Thread Andrew Gallagher
> On 18 Dec 2016, at 00:17, sivmu wrote: > > ... that this means RSA encrzption is reproducable, meaning encrypted > files of the same plaintext result in the same ciphertext, as this woul > make the process reproduceable and any malfunction can be easily noticed. No, because the

Re: Smartcards and tokens

2016-12-17 Thread sivmu
Am 16.12.2016 um 13:36 schrieb Andrew Gallagher: > On 16/12/16 02:30, sivmu wrote: >> If the token does the encryption (and signing) operations, > > Smartcards perform signing and DEcryption (which in the case of RSA are > mathematically identical). > >> it needs randomness. > > That's true

Re: Smartcards and tokens

2016-12-16 Thread Andrew Gallagher
On 16/12/16 18:33, Lou Wynn wrote: > A brute force attack doesn't need to read the card, and > it simply enumerates keys in the key space used by the SmartCard. Yes, but the key space of the smartcard is much larger than the key space of a USB drive encrypted using a key derived from a

Re: Smartcards and tokens

2016-12-16 Thread Lou Wynn
On 12/15/2016 04:18 PM, Andrew Gallagher wrote: >> On 15 Dec 2016, at 19:24, Lou Wynn wrote: >> >> If the host machine is compromised, what's the purpose of doing encryption >> on the SmartCard? Attackers don't need to know the key to get your plaint >> ext, because it is on

Re: Smartcards and tokens

2016-12-16 Thread Andrew Gallagher
On 16/12/16 02:30, sivmu wrote: > If the token does the encryption (and signing) operations, Smartcards perform signing and DEcryption (which in the case of RSA are mathematically identical). > it needs randomness. That's true of DSA and ElGamal, but smartcards normally implement RSA. Remember

Re: Smartcards and tokens

2016-12-16 Thread Peter Lebbing
On 15/12/16 22:17, Damien Goutte-Gattat wrote: > I'll admit readily that I am not an expert on this, but I don't see how > that could be feasible without the help of the host PC--meaning your > opponent would have to both (1) compromise your PC and (2) send you a > malicious token. But if he could

Re: Smartcards and tokens

2016-12-15 Thread sivmu
Am 15.12.2016 um 22:17 schrieb Damien Goutte-Gattat: > On 12/15/2016 08:35 PM, sivmu wrote: >> From what I understand, a malicious token can e.g. perform encryption >> operations with weak randomness to create some kind of backdoor that is >> hard to detect. > > The token is normally not used

Re: Smartcards and tokens

2016-12-15 Thread NIIBE Yutaka
sivmu writes: > it seems using those specific devices actually decreases > security, assuming it is easy to manipulate specialised vendors of > security hardware compared to manipulating electronic hardware in general. Exactly, that's my point. This is the reason why my approach

Re: Smartcards and tokens

2016-12-15 Thread Andrew Gallagher
> On 15 Dec 2016, at 19:24, Lou Wynn wrote: > > If the host machine is compromised, what's the purpose of doing encryption on > the SmartCard? Attackers don't need to know the key to get your plaint ext, > because it is on the host machine. The difference is that if you

Re: Smartcards and tokens

2016-12-15 Thread Damien Goutte-Gattat
On 12/15/2016 08:35 PM, sivmu wrote: From what I understand, a malicious token can e.g. perform encryption operations with weak randomness to create some kind of backdoor that is hard to detect. The token is normally not used to perform any *encryption*. You encrypt with the public key of

Re: Smartcards and tokens

2016-12-15 Thread Lou Wynn
Hi Martinho, After I thought about it more, I have kind of drawn the conclusion that even for signing, only using a SmartCard cannot achieve authenticity. With a write-only SmartCard which computes signature on the card, it's true that it can protect the signing key. However, if it's used in a

Re: Smartcards and tokens

2016-12-15 Thread sivmu
Am 15.12.2016 um 02:35 schrieb NIIBE Yutaka: > sivmu wrote: >> One question remaining is what is the difference between the openpgp >> smartcard and the USB based tokens. > > I think that the OpenPGP card (the physical smartcard) is included in > Nitrokey Pro USB Token. So, it's

Re: Smartcards and tokens

2016-12-15 Thread Lou Wynn
If the host machine is compromised, what's the purpose of doing encryption on the SmartCard? Attackers don't need to know the key to get your plaint ext, because it is on the host machine. I guess that what you meant was signing, using a SmartCard to sign has the benefits you mentioned, but not

Re: Smartcards and tokens

2016-12-15 Thread R. Martinho Fernandes
There's an important distinction to be made between using this approach and using a SmartCard. The encrypted USB drive approach leaks the keys into the machine you're using it from; they're accessible by simply reading the filesystem (thus the claim that "When you unplug the USB, your keys are

Re: Smartcards and tokens

2016-12-14 Thread Lou Wynn
I've come cross a simple and secure approach at this post: http://zacharyvoase.com/2009/08/20/openpgp/ In the MAKING BACKUPS section, this method simply places your gnupg directory in an encrypted usb drive and make a symlink to it like this: ln -s /Volumes/EncDrive/gnupg ~/.gnupg That's all.

Re: Smartcards and tokens

2016-12-14 Thread NIIBE Yutaka
sivmu wrote: > One question remaining is what is the difference between the openpgp > smartcard and the USB based tokens. I think that the OpenPGP card (the physical smartcard) is included in Nitrokey Pro USB Token. So, it's exactly same from the view point of smartcard. When you

Smartcards and tokens

2016-12-12 Thread sivmu
Hi, recently I came across the toptic of hardware tokens for pgp keys and I am thinking about getting one myself. From what I have found so far there are several candidates such as the Openpgp smartcard, Yubikey and Nitrokey USB tokens. One question remaining is what is the difference between