project idea: portable password safe

Werner Almesberger werner at
Sat Sep 7 18:00:49 EDT 2013

Paul Boddie wrote:
> How does the idea relate to things like PGP key storage on smartcards? For 
> example:

I don't know much about card-based solutions. E.g., how many formats
are out there, how many voltages, are those designs global or do you
need one for each continent or even country, etc.

The basic concept is to keep the "trusted" computer in the card and
to add a "trusted" user interface (i.e., no keylogger, display
shows what the trusted computer sends) and an equally trusted
trusted-UI-to-trusted-computer interface.

That way, you get two-factor authentication: you need to HAVE the
card and you need to KNOW the code you type in on the keyboard.
If your code gets compromised (e.g., someone added a key logger to
your card reader), you still have the card acting as a "key", but it
could then be used to authenticate automated fraudulent

If the card merely stores a key but doesn't need to be trusted (or
if the issuer of the card decides to trust you to set up a trusted
environment), then you could move all this into the password safe.

Note that such trusted environments may have requirements the safe
may not meet, e.g., hardening against key snooping by monitoring
power consumption, processing time, and by varying the chip's
operating environment.

> Although lots of services still work in terms of passwords, I can foresee 
> people starting to use PGP a lot more,

If it's just PGP, you can encrypt the secret key and store it in
the safe, just like any other password. Then add some protocol to
do the processing you want to be done with it. Such a solution can
exist in parallel to any cards.

> However, these systems appear to give the control 
> over actually making signatures to the organisations running those systems, 

I very much hope the Snowden reports will be the final nail in the
coffin of CA-centric signatures and authentication.

> One supposed concern that government agencies (the normal ones, not the ones 
> doing all the spying) have is that individuals might not be able to look
> after their keys, and that services in proper datacentres are needed to do
> that for them,

Naw, a smarcard would be sufficient for hiding the key. You don't
need massive processing power either. E.g., if you want to do
something on a TB of data, you wouldn't run that TB through the
card's poor little electronic brain, but you'd generate a random
key and ecrypt that with the card (for encryption), or do the same
with a secure hash (for signing).

The authorities also don't have to have faith your judgement when
adding people to your Web of Trust. They can simply sign your key
and only consider their signatures when checking your credentials.
That's pretty much the same as in a CA-based scheme.

- Werner

More information about the discussion mailing list