Choosing smartcards, readers and hardware for the Outreachy project
One of the projects proposed for this round of Outreachy is the PGP / PKI Clean Room live image.
Interns, and anybody who decides to start using the project (it is already functional for command line users) need to decide about purchasing various pieces of hardware, including a smart card, a smart card reader and a suitably secure computer to run the clean room image. It may also be desirable to purchase some additional accessories, such as a hardware random number generator.
If you have any specific suggestions for hardware or can help arrange any donations of hardware for Outreachy interns, please come and join us in the pki-clean-room mailing list or consider adding ideas on the PGP / PKI clean room wiki.
Choice of smart card
For standard PGP use, the OpenPGP card provides a good choice.
For X.509 use cases, such as VPN access, there are a range of choices. I recently obtained one of the SmartCard HSM cards, Card Contact were kind enough to provide me with a free sample. An interesting feature of this card is Elliptic Curve (ECC) support. More potential cards are listed on the OpenSC page here.
Choice of card reader
The technical factors to consider are most easily explained with a table:
| On disk | Smartcard reader without PIN-pad | Smartcard reader with PIN-pad | |
|---|---|---|---|
| Software | Free/open | Mostly free/open, Proprietary firmware in reader | |
| Key extraction | Possible | Not generally possible | |
| Passphrase compromise attack vectors | Hardware or software keyloggers, phishing, user error (unsophisticated attackers) | Exploiting firmware bugs over USB (only sophisticated attackers) | |
| Other factors | No hardware | Small, USB key form-factor | Largest form factor |
Some are shortlisted on the GnuPG wiki and there has been recent discussion of that list on the GnuPG-users mailing list.
Choice of computer to run the clean room environment
There are a wide array of devices to choose from. Here are some principles that come to mind:
- Prefer devices without any built-in wireless communications interfaces, or where those interfaces can be removed
- Even better if there is no wired networking either
- Particularly concerned users may also want to avoid devices with opaque micro-code/firmware
- Small devices (laptops) that can be stored away easily in a locked cabinet or safe to prevent tampering
- No hard disks required
- Having built-in SD card readers or the ability to add them easily
SD cards and SD card readers
The SD cards are used to store the master private key, used to sign the certificates/keys on the smart cards. Multiple copies are kept.
It is a good idea to use SD cards from different vendors, preferably not manufactured in the same batch, to minimize the risk that they all fail at the same time.
For convenience, it would be desirable to use a multi-card reader:
although the software experience will be much the same if lots of individual card readers or USB flash drives are used.
Other devices
One additional idea that comes to mind is a hardware random number generator (TRNG), such as the FST-01.
Can you help with ideas or donations?
If you have any specific suggestions for hardware or can help arrange any donations of hardware for Outreachy interns, please come and join us in the pki-clean-room mailing list or consider adding ideas on the PGP / PKI clean room wiki.