[tor-dev] adding smartcard support to Tor

Ivan Markin twim at riseup.net
Tue May 24 18:25:54 UTC 2016


Razvan Dragomirescu:
> Thanks Evan for the .onion links, I'll take a look. I'm still collecting
> data, testing hardware, etc. BTW, one of the cheapest options for this is
> http://www.ftsafe.com/product/epass/eJavaToken - $12 at
> http://javacardos.com/store/smartcard_eJavaToken.php . Unfortunately it has
> a bug that prevents OpenPGP from running (something to do with signature
> padding, I didn't look much into it). My plan is to write a very small
> JavaCard-based applet to load onto the card - that only does RSA key
> generation and signing, nothing else. Easy to write and easy to audit.

You can write it yourself but a working solution is already there. It's
possible to flash a Java applet to almost any common jcard (they're pretty
cheap). Have a look at the nice guide by the Subgraph team [1].
For the purpose of digest signing you can easily modify the applet to
have more than two signing keys (keep in mind that there are some card
limits).


[1] https://subgraph.com/sgos/documentation/smartcards/index.en.html
--
Have fun,
Ivan Markin

