On Tue, Dec 29, 2015 at 8:58 AM, Kristian Fiskerstrand <k...@gentoo.org> wrote:
>
> On 12/28/2015 07:35 PM, Rich Freeman wrote:
>> On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand
>> <k...@gentoo.org> wrote:
>>>> On 28 Dec 2015, at 15:58, James Le Cuirot <ch...@gentoo.org>
>>>> wrote:
>>>>
>
>
>> That concern is hardly unique to phones.  PCs suffer just as much
>> from this problem.  The solution could potentially be the same.
>> For
>
> But here we already have smartcards (that everyone should and _is_
> using... right?)

I imagine that smartcards have about as much support on mobile as they
do on PCs, which is to say not much.

Sure, you can make it work, but software support for signing stuff is
limited in general, let alone support for doing it with smartcards.

>
>> signing it is a straightforward problem since there is nothing to
>> be kept secret except the key material itself (just send the
>> message to the signing device, and return the signature back).  For
>> encryption
>
> for clarity (and what I think you already mean), the message in this
> case is the message to be signed (which is likely a blinded hash or
> something, so much shorter than the original data)

If you don't display the plaintext on the device doing the signing,
then you're vulnerable to a MITM unless you trust your PC, but if you
trusted your PC you wouldn't need the signing device.

The only thing a smartcard does is protect the private key itself.
It doesn't protect you from manipulation of the data to be signed, or
theft of plaintext, etc.

>
> Indeed, but at least the device won't be able to decrypt further
> communication as it'd only have access to the session key of the
> particular message. Losing control of the private (sub)key is
> substantially worse, so that might actually be ok for the security
> parameters of the users.

I agree, there are degrees of failure.

>
> This already happens in several countries, including Germany and on a
> semi-related variant Norway (its government approved to sign
> electronically using BankID, where the banks do the verification).
> In Germany there is even a CA that checks the government ID and
> certifies OpenPGP keys based on it.
>

That is at least a step up.  Should we require or at least recommend
government-signed keys for Gentoo in the few jurisdictions that
provide them?  I guess the main concern would be if we wanted to allow
anonymity.

So many problems would be solved if a signature using a secure device
was required for every financial transaction.  Just stick the PIN pad
on the signing device with a small display.  The device is given a
message to sign including the date, amount to be authorized, and who
is getting paid.  The device displays this info on its screen and
prompts for a PIN.  For the problem of payment authorization that
would eliminate almost all forms of fraud that don't involve holding
somebody at gunpoint (and you could have a duress PIN and an encrypted
field in the authorization large enough to hold either a padded all
clear or an under-duress message with the timestamp and GPS
coordinates that only the bank could read).

In the US everybody seems to be afraid of big brother but big brother
has enough big data that he doesn't really need you to use his fancy
signing device anyway.

-- 
Rich
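
The contrast drawn in this message between a smartcard that signs unseen data and a device that shows the date, amount and payee before asking for a PIN, as an added example that is not part of the original email. Assumptions: HMAC stands in for the device's private-key signature, the JSON field layout and all class and function names are hypothetical, the sample values are constructed, and only the display-and-PIN step is covered (not the duress field).

```python
import hashlib
import hmac
import json

FIELDS = ("date", "amount", "payee")  # what the post says the device displays


def canonical(req):
    """The one byte encoding the device accepts, so screen and signature agree."""
    return json.dumps({k: req[k] for k in FIELDS}, separators=(",", ":")).encode()


class SigningDevice:
    def __init__(self, key, pin):
        self._key, self._pin = key, pin  # both stay on the device

    def _sign(self, msg):
        # Assumption: HMAC stands in for the device's private-key signature.
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def sign_blind(self, digest):
        """Smartcard-style: signs whatever the host sends and shows nothing."""
        return self._sign(digest)

    def sign_displayed(self, msg, ask_user):
        """Render the screen from the exact bytes to be signed, then ask for the PIN."""
        req = json.loads(msg)
        ok = (isinstance(req, dict) and set(req) == set(FIELDS)
              and all(isinstance(v, str) for v in req.values())
              and canonical(req) == msg)
        if not ok:  # extra, duplicate or reordered fields could hide from the screen
            raise ValueError("non-canonical request")
        screen = f"{req['date']}  pay {req['amount']} to {req['payee']}"
        pin = ask_user(screen)  # PIN string, or None when the user refuses
        if pin is None or not hmac.compare_digest(pin.encode(), self._pin.encode()):
            return None
        return self._sign(msg)


def demo():
    """Constructed scenario: the PC shows `wanted` on its monitor but sends `forged`."""
    dev = SigningDevice(key=b"constructed-demo-key", pin="4921")
    wanted = canonical({"date": "2015-12-29", "amount": "25.00", "payee": "Bookshop"})
    forged = canonical({"date": "2015-12-29", "amount": "2500.00", "payee": "Mallory"})
    expect = "2015-12-29  pay 25.00 to Bookshop"  # what the user means to approve
    user = lambda screen: "4921" if screen == expect else None
    return (dev.sign_blind(hashlib.sha256(forged).digest()),  # signed unseen
            dev.sign_displayed(forged, user),                  # None: user refuses
            dev.sign_displayed(wanted, user))                  # signed as intended
```

The byte-for-byte canonical check matters because a request with a duplicate or extra field would otherwise be signed while the screen shows only part of it.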
