gnupg 'signing server'? Looking for advice on key management/security

Jacob Bachmeyer jcb62281 at gmail.com
Tue Nov 14 05:23:16 CET 2023


Daniel Cerqueira wrote:
> Jacob Bachmeyer <jcb62281 at gmail.com> writes:
>
>   
>> The problem here is that, while the key never leaves the smartcard,
>> the /entire/ device that accesses the smartcard must be trusted, as a
>> backdoor on the device could steal plaintext or submit extra items for
>> signing.  A PIN does not solve the problem, since the PIN is entered
>> on the device, which could be backdoored to store the PIN and submit
>> it along with Mallory's messages for the smartcard to sign---and the
>> card will sign it, since the PIN checks out...
>>
>> Smartcards make silently duplicating the key difficult (supposedly
>> infeasible) but do not solve the general problems with
>> network-connected devices.
>>     
>
> If you don't trust pinentry, maybe you should also not trust gnupg. They
> are from the same project (gnupg.org).
>
> I believe is best for you not to use gnupg and pinentry, until you
> review it.

My point is that smartcards do not magically increase security beyond 
the private key wrapping encryption built in to GPG, and provide little 
actual security benefit unless less-common steps (such as using a card 
reader with its own PIN pad) are taken.  (The convenience of being able 
to simply move the card between devices may be useful for some users.)

The issue here is not GPG or its associated pinentry program or any 
question of their integrity.  The issue is the possibility of the 
computer being tampered while I am away from it, or potentially, via the 
network, right under my nose.  (Consider the overall security of the 
typical Android device.)  So far, smartcards do not seem to provide any 
better protection in this case than GPG's own security features.  Such 
tampering would enable the theft of the GPG key passphrase or card PIN 
in either case.  In other words, the same attacks that can effectively 
break GPG's built in security also effectively break a smartcard by 
enabling the unauthorized use of the key on the card.

That is ignoring the additional risk that few if any smartcards use Free 
firmware, and are, by design, nearly impossible to verify.  A secret 
backdoor on the smartcard cannot be categorically ruled out, although 
such a violation of trust would be expected to effectively remove the 
card's manufacturer from the market should it come to light.


-- Jacob




More information about the Gnupg-users mailing list