This may not be quite what you want, but the Estonia E-resident card supports basic crypto with the private key on the smart card---i.e., you have to physically have the card to be able to read the encrypted mail.
There are probably more elegant solutions than plugging into the Estonia E-resident framework, but you'll get press for using the E-resident card---the Estonians always get happy when someone uses their card for something novel. Which might be a perk.
Note: I believe that, theoretically, yes, the Estonian government could jot down your private key before it goes onto the card. But they are economically disincentivized from doing that.
-V
On Wed, Oct 14, 2015 at 4:08 AM, Razvan Dragomirescu <razvan.dragomirescu@veri.fi> wrote:
Hello,
I am not sure if this has been discussed before or how hard it would be to implement, but I'm looking for a way to integrate a smartcard with Tor - essentially, I want to be able to host hidden service keys on the card. I'm trying to bind the hidden service to a hardware component (the smartcard) so that it can be securely hosted in a hostile environment as well as impossible to clone/move without physical access to the smartcard.
I have Tor running on the USBArmory by InversePath ( http://inversepath.com/usbarmory.html ) and have a microSD form factor card made by Swissbit ( www.swissbit.com/products/security-products/overwiev/security-products-overview/ ) up and running on it. I am a JavaCard developer myself and I have developed embedded Linux firmware before, but I have never touched the Tor source.
Is there anyone that is willing to take on a side project doing this? Would it be just a matter of configuring OpenSSL to use the card (I haven't tried that yet)?
Thank you, Razvan
-- Razvan Dragomirescu Chief Technology Officer Cayenne Graphics SRL
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev