[tor-dev] adding smartcard support to Tor

Razvan Dragomirescu razvan.dragomirescu at veri.fi
Sun May 22 21:53:24 UTC 2016


Hello again,

I wanted to revisit this subject and actually start writing some code, but
it looks like Ivan Markin's GitHub account is gone, together with all the
code there. Ivan, are your modifications to OnionBalance still available
anywhere?

Thank you,
Razvan

--
Razvan Dragomirescu
Chief Technology Officer
Cayenne Graphics SRL

On Tue, Oct 20, 2015 at 10:05 PM, Ivan Markin <twim at riseup.net> wrote:

> grarpamp:
> > Yes if you intend to patch tor to use a smartcard as a
> > cryptographic coprocessor offloading anything of interest
> > that needs signed / encrypted / decrypted to it. The card
> > will need to remain plugged in for tor to function.
>
> As I said before, only thing that actually needs to be protected here is
> "main"/"frontend" .onion identity. For that purpose all you need to do
> is to sign descriptors. And not to lose the key.
>
> grarpamp:
> > However how is "pin" on swissbit enabled?
> > If it goes from the host (say via ssh or keyboard or some
> > device or app) through usb port through armory to swissbit,
> > that is never secure.
>
> No, I will be secure. An adversary could sniff your PIN and sign
> whatever they want to, true. But revealing the PIN != revealing the key.
> In this case your identity key is still safe even if your PIN is
> "compromised".
>
> --
> Ivan Markin
>
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160523/b71e3b43/attachment.html>


More information about the tor-dev mailing list