[tor-dev] adding smartcard support to Tor
Ivan Markin
twim at riseup.net
Tue May 24 18:25:54 UTC 2016
Razvan Dragomirescu:
> Thanks Evan for the .onion links, I'll take a look. I'm still collecting
> data, testing hardware, etc. BTW, one of the cheapest options for this is
> http://www.ftsafe.com/product/epass/eJavaToken - $12 at
> http://javacardos.com/store/smartcard_eJavaToken.php . Unfortunately it has
> a bug that prevents OpenPGP from running (something to do with signature
> padding, I didn't look much into it). My plan is to write a very small
> JavaCard-based applet to load onto the card - that only does RSA key
> generation and signing, nothing else. Easy to write and easy to audit.
You can write it yourself but a working solution is already there. It's
possible to flash Java applet to almost any common jcard (they're pretty
cheap). Have a look at the nice guide by Subgraph team [1].
For the purpose of digest signing you can easily modify the applet to
have more than two signing keys (keep in mind that there are some card
limits).
[1] https://subgraph.com/sgos/documentation/smartcards/index.en.html
--
Have fun,
Ivan Markin
More information about the tor-dev
mailing list