An FYI: GPG and SmartCard Implementation

[Shinobi]

I'm sure many of you aren't familiar with GnuPG Smart cards. For those not familiar, there is an OpenPGP SmartCard Project that has created an open standard specification for PGP-compliant smart cards. Kernel Concepts (Germany) sell cards made in compliance with this OpenPGP secification for roughly $20, which work with many commonly found card readers .

I have a setup that makes use of one of these cards in two ways:

1. PGP Decryption: Rather than having to manually key in my passphrase to decrypt PGP-encrypted e-mails sent to me, I have the passphrase and private key stored on the smartcard, and when it is inserted - e-mails are seamlessly decrypted. Apart from being convenient, the fact that my private key is kept ONLY on the card means that the chance of my private key being compromised is heavily reduced. Should someone steal my smartcard, they will have a helluva time trying to extract my private key - 10 incorrect tries to mount the smartcard and it erases itself.

2.  Full-Disk Encryption. I make use of Full Disk Encryption - if you are too lazy to read the linked Wiki page, it means that my harddrive is completely encrypted and the harddrive is decrypted on-the-fly when booted up (computers these days are so fast, that there is essentially no noticeable performance loss). This has several obvious advantages - when the computer is off, the harddrive remains in an encrypted state. My smartcard contains the passkey used to decrypt my system at boot. so with the smartcard plugged in, my computer seamlessly boots without my input. If the card is not installed, I am prompted for the passphrase just prior to booting of the OS.

I think many of you would benefit from this, the especially No. 2 above. Should you computer be stolen, your computer could not be booted, and depending on the strength of your passphrase, you harddrive could never be penetrated (and your wallet.dat compromised). Note that a smartcard is NOT needed for full-disk encryption. It just takes away the small annoyance of having to type in a passphrase everytime you boot. And because of this automation, your passphrase can be significantly longer since you don't have to spend time typing it. I recommend that all of you make use of full-disk encryption. Most flavors of Linux have it as an option during installation. Alternatively you can have Truecrypt set-up full-disk encryption (both Windows 7 and Linux). And you don't need to reinstall your OS to do so.


If anyone needs help setting this up, I'm more than happy to help. To head off any accusations, I do not work for any of the companies or foundations involved in this initiative, so I have nothing to financially gain. I'm just trying to be helpful.

[1714812665]

1714812665

[1714812665]

1714812665

[1714812665]

1714812665

[bitplane]

Sounds really interesting. A few questions though:

1) What happens if I lose my smartcard? Is it just my GPG key and passphrase in there?
2) My computer is always on. Can the software be set to launch secure storage when the card is inserted?
3) My laptop doesn't have a card reader, are there USB key options available?

[Shinobi]

No problem. I'll answer each in turn below:

1) What happens if I lose my smartcard? Is it just my GPG key and passphrase in there?[/qoute]

I am writing assuming that you have zero knowledge of PGP/GPG, so please do not be offended if you do! Perhaps the explanation may be of help to others on this forum.

To provide a tremendously oversimplified explanation, GPG works by having you create 2 keys, a public key which you give out to others, and a private key which you does not reveal to *anyone*. These keys are generated as a pair and are mathematically interrelated. When generating the keypair, the user has to enter a password (more appropriately called a passphrase as it can be more than one word). Each key is stored as a file. After creating the keypair, you can send your public key to all the folks with whom you want to communicate in an encrypted fashion, or more conveniently, you "publish" your public key to a keyring in the internet - the most popular is run by MIT.

When someone wants to send a private communication to you, they use one of the many GPG programs out there (it is available as a plugin or standalone, and there is the open-source version called GPG, for which there is an easy-to-use plugin for Mozilla Thunderbird) which takes their text and encrypts it using the public key you gave them. The output of the encryption looks like THIS which can be sent as any other e-mail.

When you receive this e-mail, your GPG program will decrypt it with your private key, and in order to do so will ask you for the passphrase. If you supply the correct passphrase, the message will be decrypted and you can read it. Presumably you will have your friend's public key and your communication with him will proceed by the same fashion.

NOTE: When you generate the keypair, you have the option of generating a revocation certificate. Should your private key be taken or if you ever feel your private key has been compromised, you simply need send the revocation certificate to the public keyring and it will kill the public key you had uploaded and you can also notify everyone who you use GPG with that this key is no longer valid. Furthermore, when you set up your Smartcard, you establish a PIN - much like an ATM card. Should 10 attempts to mount the card with an incorrect pin occur, the Smartcard deletes itself and is rendered invalid.

2) My computer is always on. Can the software be set to launch secure storage when the card is inserted?

Yes, it can. As the computer detects the card in the same manner as it detects a USB device, a script can easily be created and I"m sure one already exists, to mount secure storage related to the

3) My laptop doesn't have a card reader, are there USB key options available?

I believe there are, and that is often the purpose of dongles like Yubikey. Check your PM.

[phillipsjk]

1) What happens if I lose my smartcard? Is it just my GPG key and passphrase in there?

If you don't have a backup copy (which goes against the idea of a smart card as far as I can tell), you loose your wallet and coins.

The client really needs to support different wallets with varying degrees of security. Note there is no reason only one client can be used. Though, for pre-compiled binaries, one of the "official" clients is probably a good idea.

[Shinobi]

Noone mentioned anything about putting one's wallet on the card!

[phillipsjk]

You did mention having a back-up copy of your passphrase. If the passphrase is strong enough, deleting it can be almost the same as deleting the encrypted data itself.

[bcearl]

Noone mentioned anything about putting one's wallet on the card!

You just need a card that can do ECDSA with the right properties.


https://en.bitcoin.it/wiki/Protocol_specification#Signatures