[tor-dev] adding smartcard support to Tor

Razvan Dragomirescu razvan.dragomirescu at veri.fi
Sat Oct 17 18:16:20 UTC 2015


Thank you grarpamp, but that's not what I'm trying to prevent/achieve. I
simply want to host the private key for a hidden service inside a secure
element (a smartcard) to ensure that only the hardware that has direct
access to my smartcard can publish the descriptors for the service and
decrypt incoming packets. I do realize the host will have complete control
over the Tor instance and that's fine, I simply want to prevent it (or a
different host) from ever publishing this HS without having access to the
smartcard.

The idea is to tie the HS to the physical smart card - whoever holds the
smartcard can publish the service, once the card is removed, the service
moves with it.

An attacker (with or without physical access to the machine running Tor)
would not be able to extract any information that would allow him to
impersonate the service at a later time. Of course, he can change the
_current_ content or serve his own, but cannot permanently compromise the
service by reading its private key.

Thank you,
Razvan

--
Razvan Dragomirescu
Chief Technology Officer
Cayenne Graphics SRL

On Fri, Oct 16, 2015 at 1:56 AM, grarpamp <grarpamp at gmail.com> wrote:

> On Tue, Oct 13, 2015 at 4:08 PM, Razvan Dragomirescu
> <razvan.dragomirescu at veri.fi> wrote:
> > essentially, I want to be able to host hidden service keys on the card.
> I'm
> > trying to bind the hidden service to a hardware component (the
> smartcard) so
> > that it can be securely hosted in a hostile environment as well as
> > impossible to clone/move without physical access to the smartcard.
>
> The host will have both physical and logical access to your
> process space, therefore you're compromised regardless
> of where you physically keep the keys or how you acccess
> them.
>
> Though there are trac tickets you can search for involving
> loading keys into tor controller via remote tunnel without need
> to leave and mount or access physical devices in /dev.
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151017/b68c8fe0/attachment.html>


More information about the tor-dev mailing list