Thread: Re: Externally generated keys

Re: Externally generated keys
2008-03-27 09:39:52
Hi Marc:

> From the FAQ at http://www.opensc-project.org/faq.html
>
> "Can I store my ssh private key on a smart card?
>
> "Most people prefer to use a smart card with a key that was generated on the card and cannot ever leave it. In fact everyone seems to do that. So while it might be technically possible to convert a private key in ssh format into pem format and then store it on a smart card, until now no one wrote such a code, so you can't. If you really need it, please ask on the mailing list...."
>
> ------------------------------------------------------------
>
> Is this to say the card cannot accept any externally generated private keys?

No, it just says that a private key that was generated by OpenSSH (or PuTTY) cannot be stored into a smartcard with OpenSC, since OpenSC can only store keys on smartcards that were saved in PEM or DER format.

There are two possibilities:

1) Create a private key with OpenSSL. This key will be in PEM format and OpenSC will be able to store it into a smartcard. Also, OpenSC will be able to read the public key from your smartcard and store it in either PEM, DER or SSH format.

2) Create a private key with OpenSSH (or PuTTY). Convert this key into PEM or DER format and store it into your smartcard with OpenSC. Most likely you must write the conversion program yourself.

> I would be uncomfortable letting any closed-source application, such as firmware on a card, generate a key for me. Even more so, as I read that many cards have no hardware random number generator and in essence generate keys from their serial numbers. This feels like walking directly into a trap.

If you don't trust the key-generation mechanism within your smartcard you should not use smartcards at all. If there were smartcards out there that generate keys based on their serial number, then those smartcards would also have undocumented commands by which the NSA can read your private key out of your smartcard. Such a card would be absolutely useless. The only purpose of a smartcard is to protect your private key and ensure that this key can be used only WITHIN the card.

Of course you can ask your smartcard to create a couple of keys and compare them. Please let us know if you own a smartcard that "generates" the same key over and over.

> I am a "Global War on Terror" surveillee, and I am uncomfortably accustomed to being monitored for thinly veiled political reasons.
>
> Another excellent reason for not generating a key on a card is that I cannot have a backup. I can hide a backup key securely... that is, if the NSA didn't generate the key for me in the first place.

If you want a backup you MUST create your key outside your card (or find the undocumented commands by which you can read a private key out of your card).

How about using the OpenPGP card? If you don't trust closed source firmware, then this card may be the right choice.

Peter
_______________________________________________
opensc-devel mailing list
opensc-devel lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Externally generated keys
United States, 2008-03-27 08:50:33
Good morning all,

I apologize in advance if what I ask has been recently discussed. I'm a newcomer, and it appears that I would have to download several dozen tarballs to get up to speed on this list.

------------------------------------------------------------
From the FAQ at http://www.opensc-project.org/faq.html

"Can I store my ssh private key on a smart card?

"Most people prefer to use a smart card with a key that was generated on the card and cannot ever leave it. In fact everyone seems to do that. So while it might be technically possible to convert a private key in ssh format into pem format and then store it on a smart card, until now no one wrote such a code, so you can't. If you really need it, please ask on the mailing list...."
------------------------------------------------------------

Is this to say the card cannot accept any externally generated private keys?

I would be uncomfortable letting any closed-source application, such as firmware on a card, generate a key for me. Even more so, as I read that many cards have no hardware random number generator and in essence generate keys from their serial numbers. This feels like walking directly into a trap.

I am a "Global War on Terror" surveillee, and I am uncomfortably accustomed to being monitored for thinly veiled political reasons.

Another excellent reason for not generating a key on a card is that I cannot have a backup. I can hide a backup key securely... that is, if the NSA didn't generate the key for me in the first place.

Thanks to all for reading and considering,

Marc

Re: Externally generated keys
Netherlands, 2008-03-27 09:16:31
Hi Marc,

seems to me that the FAQ is out of date; openssh private keys are in RSA format, which can easily be stored on a smart card/token. You can then use this key with its corresponding SSH public part using Alon Bar-Lev's openssh patch. I must add that I have not tried this myself.

cheers,

JJK

Marc W. Abel wrote:
> Good morning all,
>
> I apologize in advance if what I ask has been recently discussed. I'm a newcomer, and it appears that I would have to download several dozen tarballs to get up to speed on this list.
>
> ------------------------------------------------------------
> From the FAQ at http://www.opensc-project.org/faq.html
>
> "Can I store my ssh private key on a smart card?
>
> "Most people prefer to use a smart card with a key that was generated on the card and cannot ever leave it. In fact everyone seems to do that. So while it might be technically possible to convert a private key in ssh format into pem format and then store it on a smart card, until now no one wrote such a code, so you can't. If you really need it, please ask on the mailing list...."
> ------------------------------------------------------------
>
> Is this to say the card cannot accept any externally generated private keys?
>
> I would be uncomfortable letting any closed-source application, such as firmware on a card, generate a key for me. Even more so, as I read that many cards have no hardware random number generator and in essence generate keys from their serial numbers. This feels like walking directly into a trap.
>
> I am a "Global War on Terror" surveillee, and I am uncomfortably accustomed to being monitored for thinly veiled political reasons.
>
> Another excellent reason for not generating a key on a card is that I cannot have a backup. I can hide a backup key securely... that is, if the NSA didn't generate the key for me in the first place.

Re: Externally generated keys
United States, 2008-03-27 09:23:59
On Mar 27, 2008, at 8:50 AM, Marc W. Abel wrote:

> ------------------------------------------------------------
> From the FAQ at http://www.opensc-project.org/faq.html
>
> "Can I store my ssh private key on a smart card?
>
> "Most people prefer to use a smart card with a key that was generated on the card and cannot ever leave it. In fact everyone seems to do that. So while it might be technically possible to convert a private key in ssh format into pem format and then store it on a smart card, until now no one wrote such a code, so you can't. If you really need it, please ask on the mailing list...."
> ------------------------------------------------------------

I should point out that this is bad practice for keys used for data encryption, as loss or damage of the card can result in loss of the protected data. US DoD, for example, generates the signature keys on card, but encryption keys off-card and securely injects them, also saving them in a key escrow system. US Federal PIV recommends the same to implementers.

So if OpenSC doesn't have this capability, it sorely needs it.

> I would be uncomfortable letting any closed-source application, such as firmware on a card, generate a key for me. Even more so, as I read that many cards have no hardware random number generator and in essence generate keys from their serial numbers. This feels like walking directly into a trap.

You might be more comfortable with FIPS 140 certified card stock. Then again, you might not. It depends on your level of anti-USG paranoia.

-- Tim

Re: Externally generated keys
2008-03-29 04:53:55
Hi Marc,

On Thursday, 27 March 2008 14:50:33, Marc W. Abel wrote:
> Is this to say the card cannot accept any externally generated private keys?

no. there is no tool to convert RSA keys in openssh format to RSA keys in pem format. that shouldn't be difficult to implement, but so far no one needed it and no one implemented it.

[generating keys on card]

there are different opinions on it, sure it is not a 0/1 decision, but a matter of trusting the card or the host software and other things. so people are free to implement the option they prefer.

> Another excellent reason for not generating a key on a card is that I cannot have a backup.

well, with openssh and friends you can quite easily: put several keys into the .ssh/authorized_keys file. sure, that means an extra token / smart card plus pin in the safe, so in case your normal one breaks you have a backup, thus costly, but such an approach has benefits as well.

software keygen (e.g. openssl tools) and then storing the rsa key on one or several cards (and if you want a copy stored on a cd/whatever in the safe), is also fine. different people have different preferences, no big deal.

Regards, Andreas

Re: Externally generated keys
2008-03-29 04:56:11
On Thursday, 27 March 2008 15:16:31, Jan Just Keijser wrote:
> Hi Marc,
>
> seems to me that the FAQ is out of date; openssh private keys are in RSA format, which can easily be stored on a smart card/token. You can then use this key with its corresponding SSH public part using Alon Bar-Lev's openssh patch. I must add that I have not tried this myself

RSA is not a format. openssh has a format (actually two different ones, check your .ssh/authorized_keys file for public keys for example), and PEM is a format (from the x.509/openssl world). there is no tool to convert openssh format into pem format, this is what the faq is trying to say.

has anyone a suggestion for a better formulation? best as patch against
http://www.opensc-project.org/svn/web/trunk/faq.php
that is a svn repo you can check out to see the source files

Regards, Andreas

Re: Externally generated keys
2008-03-29 04:59:31
On Thursday, 27 March 2008 15:23:59, Timothy J Miller wrote:
> I should point out that this is bad practice for keys used for data encryption, as loss or damage of the card can result in loss of the protected data. US DoD, for example, generates the signature keys on card, but encryption keys off-card and securely injects them, also saving them in a key escrow system. US Federal PIV recommends the same to implementers.
>
> So if OpenSC doesn't have this capability, it sorely needs it.

I believe this is a problem of key management, not of accessing the smart card. Thus it should be solved in a higher level - and since we have no real higher level (pkcs#11 interface is pretty low level), the problem must be solved in the application.

personally I believe in smart cards for authentication purpose only, but neither for encryption, decryption or signing. but this is my personal preference, nothing more.

Regards, Andreas

Re: Externally generated keys
United States, 2008-03-29 06:59:25
The very first implementation of ssh with smart cards was done by Naomaru Itoi here at CITI many years ago and did load an external private key instead of generating the key pair on the card. A descendant of that code is shipped today with the OpenBSD version of OpenSSH. Even though I worked on the code, it's been so many years I can't remember what we did about the openssh -> pem conversion problem. The code is still in the source tree if anyone wants to investigate. I wouldn't count on it still working.

Re: Externally generated keys
2008-03-30 15:21:58
On Saturday, 29 March 2008 12:59:25, Jim Rees wrote:
> The very first implementation of ssh with smart cards was done by Naomaru Itoi here at CITI many years ago and did load an external private key instead of generating the key pair on the card. A descendant of that code is shipped today with the OpenBSD version of OpenSSH. Even though I worked on the code, it's been so many years I can't remember what we did about the openssh -> pem conversion problem. The code is still in the source tree if anyone wants to investigate. I wouldn't count on it still working.

the openssh format (or at least the public key file) is plain simple, so I guess writing a converter should be easy.

with an opensc head I'd also like to point out: openssh is one of very few applications that use smart cards / opensc without pkcs#11 layer. pkcs#11 applications usually look for a certificate and then for the private key associated with it. so even if you convert some rsa public/private key pair and store it on a smart card, you need to create a certificate for that key and store it on the card too - at least for all the other applications. that's why starting with a certificate etc. is easier for most.

Regards, Andreas

p.s. self signed certificate is completely ok, only server config e.g. apache is more difficult with that.
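Andreas's point that the OpenSSH public key file is "plain simple" and that it is a different format from PEM (raised in his reply to Jan Just and again above) can be illustrated with a small converter. The following is an added example, not code from this thread or from OpenSC: it encodes and decodes an `ssh-rsa` authorized_keys line (base64 blob of SSH string `"ssh-rsa"`, mpint `e`, mpint `n`) and emits the same public key as a PKCS#1 `RSA PUBLIC KEY` PEM block. The key values are constructed and far too small for real use, and the private-key conversion the thread actually asks for is not covered here.

```python
import base64

# Constructed sample key material, NOT a real key: the modulus is far too short for actual use.
SAMPLE_E = 65537
SAMPLE_N = 0xC4F8E9E15DCADF2B96C763D981006A644FFB4415030A16ED1283883340F2AA0F

def _positive_be(n: int) -> bytes:
    """Minimal big-endian bytes of a positive int, with a leading 0x00 when the top bit is set (SSH mpint and DER INTEGER share this rule)."""
    b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return b"\x00" + b if b[0] & 0x80 else b

def _ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b

def rsa_to_openssh(e: int, n: int, comment: str = "example") -> str:
    """Build an authorized_keys-style line; the blob is string 'ssh-rsa', mpint e, mpint n (RFC 4253)."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(_positive_be(e)) + _ssh_string(_positive_be(n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def openssh_to_rsa(line: str) -> tuple:
    """Parse an ssh-rsa public key line back into (e, n); rejects other key types and truncated blobs."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob, items, pos = base64.b64decode(fields[1]), [], 0
    while pos < len(blob):
        length = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated ssh-rsa blob")
        items.append(blob[pos:pos + length])
        pos += length
    if len(items) != 3 or items[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(items[1], "big"), int.from_bytes(items[2], "big")

def _der(tag: int, content: bytes) -> bytes:
    """Wrap content as a DER TLV; the long-form length is needed once a real modulus exceeds 127 bytes."""
    ln = len(content)
    lb = ln.to_bytes((ln.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([ln]) if ln < 0x80 else bytes([0x80 | len(lb)]) + lb) + content

def rsa_to_pkcs1_pem(e: int, n: int) -> str:
    """Emit PKCS#1 RSAPublicKey (SEQUENCE { modulus, publicExponent }) as PEM; public half only."""
    der = _der(0x30, _der(0x02, _positive_be(n)) + _der(0x02, _positive_be(e)))
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN RSA PUBLIC KEY-----\n" + body + "\n-----END RSA PUBLIC KEY-----\n"
```

Every `ssh-rsa` line with `e = 65537` begins with the same base64 prefix, because the type string and exponent are encoded first; the PEM body carries the same two integers in DER, so the difference is purely one of container format.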