Old PC as Hardware Security Module?

Simon Josefsson simon at josefsson.org
Mon May 14 13:36:27 CEST 2007 

"Robert J. Hansen" <rjh at sixdemonbag.org> writes:

>> I've been considering getting an OpenPGP Card, but there are three
>> reasons I'm reluctant to. The main one is that I want something that
>> will only do one signature or decryption at a time. That way if my
>> machine is compromised, I'll only suffer one hit before I'll notice
>> something's wrong.
>
> The OpenPGP card actually gives you a substantial advantage in this  
> situation.
>
> Let's say that you're running GnuPG on a PC and I'm able to subvert  
> the box.  I put in a keylogger and snarf your passphrase.  I also  
> copy your private keyring and mailspool off the box.  I can now read  
> your mail without ever touching it, except to copy a couple of files  
> and install a small app.  You're none the wiser.
>
> Compare this to an OpenPGP card, where I have to find you in a dark  
> alley and have a conversation with your kneecaps to get your card and  
> PIN.  You will most probably know that something has happened to you.

What prevents the keylogger in your first example to snarf the PIN code
for the OpenPGP card and send decryption requests to the OpenPGP card,
using the PIN code, in the background, possibly remotely controlled over
the network?

Alternatively, if you think remotely controlling the trojan is
difficult, let it iterate through your mail spool and send decryption
requests to collect all session keys, and then send the mail spool and
the session keys to you.

I think smart cards in general are somewhat over-rated.  You have no
idea what they are signing, and the authorization control (PIN code) is
easy to get by with a trojan.

To be secure with smart cards, I think you'll need a separate
single-purpose device that show you what it is going to sign, and signs
it only after getting some credential (e.g., PIN), using its own trusted
input device.  And there should be no caching of the PIN code, or at
least authorization should be required when the PIN cache is accessed.

The protocol to the single-purpose device would actually be quite
similar to what you would use to a 'old PC acting as HSM' device.  The
protocol is similar to a serialized PKCS#11 interface with the What You
See Is What You Sign extensions.

/Simon

More information about the Gnupg-users mailing list