[tor-dev] adding smartcard support to Tor
Ivan Markin
twim at riseup.net
Sat Oct 17 19:27:18 UTC 2015
Ken Keys:
> If the tor process is going to use the key, at some point the
> unencrypted key has to be visible to the machine running it. You would
> in any case have to trust the machine hosting the tor node. A more
> secure setup would be to run the tor node inside an encrypted VM and use
> your smartcard/dongle/whatever to unlock the VM.
The point is that one can't[*] extract a private key from a smartcard
and because of that even if the machine is compromised your private key
stays safe.
[*] Not so easy, but possible.
--
Ivan Markin
/"\
\ / ASCII Ribbon Campaign
X against HTML email & Microsoft
/ \ attachments! http://arc.pasp.de/