[Gnuk-users] Storing Certification Key on Gnuk?

NIIBE Yutaka gniibe at fsij.org
Tue Feb 17 01:27:55 UTC 2015 

On 02/16/2015 06:23 PM, Jonathan Schleifer wrote:
>> That's the limitation of OpenPGPcard specification.  Only three
>> specific keys.
> 
> Could way maybe somehow work around this by extending it?

Certainly, extending the specification is possible and we can enhance
scdaemon of GnuPG, and the gpg frontend, accordingly.

But, with my limited knowledge (and access to documents), I don't know
exactly how we can extend the specification without breaking standards
in the industry.  I think that OpenPGPcard specification is designed
to comform those standards.

Last year, I had an attempt to put my private key for Bitcoin onto
Gnuk Token.  This would be similar to your use-case which demands more
keys than three.  At that time, I examined ISO 7816 documents and API
in OpenSC, if there are some way to support such a feature (of more
keys).  I remembered that I considered the ISO 7816 command of MANAGE
SECURITY ENVIRONMENT could be used to switch/specify a specific key:

    MANAGE SECURITY ENVIRONMENT:
    http://www.gorferay.com/manage-security-environment-command/

But I didn't go further.  Note that my interpretation of the ISO 7816
command might be wrong.

I think that the update of OpenPGPcard specification (for forthcoming
version 3) is not so far, since people want ECC much nowadays.  That
will be a good opportunity to discuss the specification.  Please stay
tuned on gnupg-devel.

NIIBE Yutaka <gniibe at fsij.org>:
> We have a physical hardware limit of 20KiB RAM of STM32F103, and I
> think that it's the main factor for Gnuk.  When all three keys are
> loaded into RAM, memory pressure is high.

On Jonathan Schleifer wrote:
> Wait, the keys are constantly kept in RAM? Is that really necessary?

That's the way of current Gnuk implementation.

For signing key, raw private key is loaded onto RAM, at the time of
PIN authentication.  It remains on RAM, if you don't specify your
preference unloading every time.  If you specify the "forcesig"
feature at your personalization of the token (this is default), it's
loaded every time at PIN authentication, and it's unloaded after
generation of signature.

For decryption private key and authentication private key, it remains
on RAM, after PIN authentication.

I think that something like this is required for any OpenPGPcard
implementations.  Either keeping PIN (or its hash) to decrypt
encrypted private key, or keeping raw private key.  That's because
smartcard/token should be ready to compute signature or to decrypt
message after PIN authentication.
--

More information about the gnuk-users mailing list