On Sat, Oct 17, 2015 at 5:46 PM, Razvan Dragomirescu razvan.dragomirescu@veri.fi wrote:
Exactly, you ask the smartcard to decrypt your traffic (and sign data if needed), it never tells you the key, it's a blackbox - it gets plaintext input and gives you encrypted (or signed) output, without ever revealing the key it's used. It can also generate the key internally (actually a keypair, it stores the private key in secure memory (protected from software _and_ hardware attacks)) and gives you the public key so that you can publish it.
Remember, smartcards are not just storage, they are tamper resistant embedded computers.
I misread your original intent.
Yes if you intend to patch tor to use a smartcard as a cryptographic coprocessor offloading anything of interest that needs signed / encrypted / decrypted to it. The card will need to remain plugged in for tor to function. The card will need to know to generate new keys periodically for the functions in tor that need them... new key usage API's will need developed between the card and tor to manage that. OpenSSL may have card functions already but not in a way that makes sense to abstract upper program logic of tor. And your own use of "pin" and input to enable the card itself should be as secure as that to be protected.
It's worth looking at the keyops per second and streamrates per second needed by various crypto parts of tor and determining what smartcards / expansion cards on the market could handle which parts of that. Cards need to support the crypto algos that tor uses or will be moving to.