One of the projects proposed for this round of Outreachy is the PGP / PKI Clean Room live image.
Interns, and anybody else who decides to start using the project (it is already functional for command-line users), need to decide what hardware to purchase, including a smart card, a smart card reader and a suitably secure computer to run the clean room image. It may also be desirable to purchase some additional accessories, such as a hardware random number generator.
If you have any specific suggestions for hardware or can help arrange any donations of hardware for Outreachy interns, please come and join us in the pki-clean-room mailing list or consider adding ideas on the PGP / PKI clean room wiki.
For standard PGP use, the OpenPGP card provides a good choice.
For X.509 use cases, such as VPN access, there is a range of choices. I recently obtained one of the SmartCard HSM cards; Card Contact were kind enough to provide me with a free sample. An interesting feature of this card is Elliptic Curve (ECC) support. More potential cards are listed on the OpenSC page here.
The technical factors to consider are most easily explained with a table comparing a key kept on disk with a key kept on a smart card, using a reader with or without its own PIN-pad:

| | On disk | Smartcard reader without PIN-pad | Smartcard reader with PIN-pad |
|---|---|---|---|
| Software | Free/open | Mostly free/open, proprietary firmware in reader | Mostly free/open, proprietary firmware in reader |
| Key extraction | Possible | Not generally possible | Not generally possible |
| Passphrase/PIN compromise attack vectors | Hardware or software keyloggers, phishing, user error (unsophisticated attackers) | Hardware or software keyloggers, phishing, user error (unsophisticated attackers) | Exploiting firmware bugs over USB (only sophisticated attackers) |
| Other factors | No hardware | Small, USB key form-factor | Largest form factor |

The difference between the two reader columns is where the PIN is typed: without a PIN-pad it goes through the host keyboard and is exposed to anything that can capture keystrokes there, whereas a PIN-pad reader keeps the PIN inside the reader, so only the reader's own firmware remains as a target.
Some suitable readers are shortlisted on the GnuPG wiki and there has been recent discussion of that list on the GnuPG-users mailing list.
There is a wide array of devices to choose from. Here are some principles that come to mind:
The SD cards are used to store the master private key, which signs the certificates/keys that are loaded onto the smart cards. Multiple copies are kept.
It is a good idea to use SD cards from different vendors, preferably not manufactured in the same batch, to minimize the risk that they all fail at the same time.
For convenience, it would be desirable to use a multi-card reader, although the software experience will be much the same if lots of individual card readers or USB flash drives are used.
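The following script is an added example, not part of the clean room image or the project's own code: it writes an exported master-key backup to several SD cards (any mounted directories will do), verifies every copy by hash before it is trusted, and, for cards attached through the Linux mmc driver, prints the manufacturer ID, serial number and manufacture date from sysfs so that cards from the same vendor or batch can be spotted. The mount points, the file name `master-key.gpg` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: back up a master key to several SD cards and verify each copy.
# Not code from the PGP / PKI Clean Room project; paths and names are assumptions.
set -u

# Print the card's manufacturer ID, serial and manufacture date from sysfs.
# Only cards attached through the Linux mmc driver (/dev/mmcblkN) expose these;
# a card presented as a USB mass-storage device carries no CID information.
sd_card_identity() {
    dev=$1                              # e.g. mmcblk0
    base=/sys/block/$dev/device
    if [ -r "$base/manfid" ]; then
        printf '%s manfid=%s serial=%s date=%s\n' "$dev" \
            "$(cat "$base/manfid")" "$(cat "$base/serial")" "$(cat "$base/date")"
    else
        printf '%s: no CID available (not an mmc block device)\n' "$dev"
    fi
}

# Copy SRC to every DEST directory and verify each copy against the source
# hash. Returns 0 only if every copy verified; a copy that fails verification
# is removed so a bad card can never be mistaken for a good backup.
backup_to_cards() {
    src=$1; shift
    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    rc=0
    for dest in "$@"; do
        target=$dest/$(basename "$src")
        if ! cp "$src" "$target" 2>/dev/null; then
            echo "$dest: copy failed" >&2; rc=1; continue
        fi
        sync                            # flush to the card before re-reading
        copy_sum=$(sha256sum "$target" | cut -d' ' -f1)
        if [ "$copy_sum" = "$src_sum" ]; then
            echo "$dest: OK $copy_sum"
        else
            echo "$dest: HASH MISMATCH, removing copy" >&2
            rm -f "$target"; rc=1
        fi
    done
    return $rc
}

# Re-check existing copies later (e.g. once a year) without rewriting them:
# SUM is the recorded sha256 of the original export, NAME the file name on card.
verify_cards() {
    src_sum=$1; name=$2; shift 2
    rc=0
    for dest in "$@"; do
        copy_sum=$(sha256sum "$dest/$name" 2>/dev/null | cut -d' ' -f1)
        if [ "$copy_sum" = "$src_sum" ]; then
            echo "$dest: OK"
        else
            echo "$dest: MISSING OR CORRUPT" >&2; rc=1
        fi
    done
    return $rc
}

# Usage with assumed mount points:
#   sd_card_identity mmcblk0
#   backup_to_cards ~/master-key.gpg /media/sd1 /media/sd2 /media/sd3
#   verify_cards "$(sha256sum ~/master-key.gpg | cut -d' ' -f1)" master-key.gpg /media/sd1 /media/sd2 /media/sd3
```

Record the printed hash somewhere separate from the cards (a printout in the safe is enough); `verify_cards` then lets you check the copies years later without needing the original machine.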
One additional idea that comes to mind is a hardware random number generator (TRNG), such as the FST-01.
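Before feeding a TRNG's output into the kernel (via rngd or similar) it is worth a quick sanity check that the device is producing unbiased bits at all. The script below is an added example, not part of the page or of the FST-01/NeuG firmware: it reads a block of bytes from a device, counts the set bits and rejects output whose bias exceeds four standard deviations from the expected half. The device path `/dev/hwrng` is an assumption about how the TRNG appears on your system.

```shell
#!/bin/sh
# Added example: monobit sanity check for a hardware RNG device.
# Not code from the clean room project; /dev/hwrng is an assumed device name.
set -u

# Read $2 bytes from $1 and print the number of 1 bits. The awk table maps
# each hex nibble to its popcount; od -v keeps repeated lines (needed for
# all-zero input, which od would otherwise fold into a single '*').
count_set_bits() {
    head -c "$2" "$1" | od -An -v -tx1 | awk '
        BEGIN {
            for (i = 0; i < 16; i++) {
                n = i; c = 0
                while (n) { c += n % 2; n = int(n / 2) }
                pop[sprintf("%x", i)] = c
            }
        }
        { for (f = 1; f <= NF; f++) ones += pop[substr($f, 1, 1)] + pop[substr($f, 2, 1)] }
        END { print ones + 0 }'
}

# Monobit test: with B bits the count of ones has mean B/2 and standard
# deviation sqrt(B)/2. We accept |ones - B/2| <= 2*sqrt(B) (four sigma),
# written in integer arithmetic as (2*ones - B)^2 <= 16*B.
# Returns 0 if the sample looks unbiased, 1 if it should not be trusted.
monobit_check() {
    dev=$1; nbytes=${2:-4096}
    ones=$(count_set_bits "$dev" "$nbytes")
    bits=$((nbytes * 8))
    diff=$((2 * ones - bits))
    if [ $((diff * diff)) -le $((16 * bits)) ]; then
        echo "$dev: $ones of $bits bits set, within four sigma"
        return 0
    fi
    echo "$dev: $ones of $bits bits set, biased output, do not trust" >&2
    return 1
}

# Usage (assumed device): monobit_check /dev/hwrng 4096
```

Passing this test only shows the device is not grossly broken (stuck bits, a dead or unpowered generator); it is not a substitute for the full FIPS 140-2 continuous tests that rngd runs on every block.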