On 10/17/2015 12:27 PM, Ivan Markin wrote:
Ken Keys:
If the tor process is going to use the key, at some point the unencrypted key has to be visible to the machine running it. You would in any case have to trust the machine hosting the tor node. A more secure setup would be to run the tor node inside an encrypted VM and use your smartcard/dongle/whatever to unlock the VM.
The point is that one can't[*] extract a private key from a smartcard, and because of that, even if the machine is compromised, your private key stays safe.
[*] Not so easy, but possible.
If the machine is going to use the HS key, the actual HS key has to be visible to it. An encrypted container holding a VM could use RSA-style public/private key encryption so that it never has to see the private key used to unlock it. You would still need to trust the VM, but the encrypted container would allow you to establish a chain of custody.