Mailing List Archive

Communication with card reader encrypted?
When I decrypt a file using an OpenPGP card, is the communication
between a USB card reader and the GnuPG daemon encrypted? Or: Is the
decrypted session key sent unencrypted through the cable?

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Communication with card reader encrypted? [ In reply to ]
Hi.

Am Samstag, den 25.08.2018, 21:25 +0200 schrieb Felix E. Klee:
> When I decrypt a file using an OpenPGP card, is the communication
> between a USB card reader and the GnuPG daemon encrypted? Or: Is the
> decrypted session key sent unencrypted through the cable?

This is a really interesting question. But, does this really matter got
an USB device? If there is a program on your computer, which interceps
the communication, the security of you system is already broken. So the
decrypted file itself could/would be read by a third party. The session
key is, in this moment, the least problematic thing on your system.

But, regardless of this, it is an interesting question.

Werner, please tell us. ^^

Regards,
Dirk

--
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
Re: Communication with card reader encrypted? [ In reply to ]
On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk
<dirk.gottschalk1980@googlemail.com> wrote:
> This is a really interesting question. But, does this really matter
> got an USB device? If there is a program on your computer, which
> interceps the communication, the security of you system is already
> broken.

I am more thinking about a hardware attack. If the communication is not
encrypted, this opens another attack vector. For comparison, think about
[key loggers][1]. Putting a hardware logger somewhere between the USB
peripheral device and the computer is potentially easier and quicker
than tampering with either the peripheral device or the computer.

Background: I want to put my SCM SPR332 v2 card reader into a different
enclosure, so that it’s more portable for [use with my mobile phone][2].
The very long cable also needs to be replaced. One option is to add a
USB port to the reader so that arbitrary cables can be used. This
thought coincided with me reading about [doctored USB cables][3]. I
don’t want to be required to trust three devices: phone, reader, and now
cable

[1]: http://www.taz.de/!5307828/
[2]: https://gist.github.com/feklee/92f76d2c8a7cabc477360d82b5305c19
[3]: <https://www.heise.de/security/meldung/USBHarpoon-Gefaehrliche-USB-
Ladekabel-vorgestellt-4142285.html>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Communication with card reader encrypted? [ In reply to ]
On 25/08/18 21:25, Felix E. Klee wrote:
> When I decrypt a file using an OpenPGP card, is the communication
> between a USB card reader and the GnuPG daemon encrypted?

The OpenPGP smartcard and generic smartcard protocols do define "Secure
Messaging", but I don't think this is commonly used for cabled OpenPGP
smartcards. So: no, I think in most cases data is unencrypted in USB wires.

On 26/08/18 09:48, Felix E. Klee wrote:
> This thought coincided with me reading about [doctored USB
> cables][3]. I don’t want to be required to trust three devices:
> phone, reader, and now cable

I think you'll need to trust the cable anyway, since a malicious USB
device by someone with the means and motivation to attack your OpenPGP
smartcard will most likely be able to compromise your phone instead.
Securely using cryptography on a compromised operating system is simply
impossible.

So in the end, it doesn't seem to make a difference: if the cable is
malicious, you're done anyway.

Even if it were encrypted, I think we still need to think about
man-in-the-middle resistance of Secure Messaging. I think there's a
distinct possibility it is only meant to thwart passive attacks, but I
haven't looked into it.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Re: Communication with card reader encrypted? [ In reply to ]
On Sun, Aug 26, 2018 at 10:41 AM, Peter Lebbing
<peter@digitalbrains.com> wrote:
> The OpenPGP smartcard and generic smartcard protocols do define
> "Secure Messaging", but I don't think this is commonly used for cabled
> OpenPGP smartcards.

Would be interesting to find out.

> I think you'll need to trust the cable anyway,

Well, if the cable is soldered to the reader, then it’s much harder to
tamper with. Swapping a replaceable cable requires much less effort.

Concerning key loggers for comparison: It is possible that the [attack
at TAZ][1] would not have happened had the attacker to tamper with the
victim’s keyboards, their computers, or their software.

I would not be surprised if you can find USB cables on Alibaba that
include sniffers and multiple GBs of flash memory for logging
everything, for debugging of course. ;)

[1]: http://www.taz.de/!5307828/

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Communication with card reader encrypted? [ In reply to ]
On 26/08/18 11:12, Felix E. Klee wrote:
>> I think you'll need to trust the cable anyway,
>
> Well, if the cable is soldered to the reader, then it’s much harder
> to tamper with. Swapping a replaceable cable requires much less
> effort.

I meant: even if the communication were encrypted and protected against
men in the middle, you still cannot use a compromised cable, ever, since
the compromised cable will compromise your entire phone instead of the
encrypted communication.

So avoiding the need of a separate cable altogether is indeed a
possibility if you're concerned about this. However, you'll need to
avoid cables for anything you plug into your phone, not just for your
smartcard reader. If instead you just store your charger, its cable and
your smartcard reader together, you can use that one cable for both
charging your phone and using the smartcard reader. And clearly you'll
need to protect all these parts against tampering, not just the
smartcard reader, regardless of whether your smartcard reader has a lead
or not.

> [...] logging everything, for debugging of course. ;)

Nah, for getting back that data you accidentally deleted ;-).

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
Re: Communication with card reader encrypted? [ In reply to ]
On Sun, 26 Aug 2018 00:31, gnupg-users@gnupg.org said:

> decrypted file itself could/would be read by a third party. The session
> key is, in this moment, the least problematic thing on your system.

Right. We assume physical security. The connection between the card
reader and the host is not encrypted because that would require a key
setup first and that would also be subject to key logging. Or you need
to configure a session key on the host and on your reader. That would
be very inconvenient.

Communication between the host and the _card_ can indeed be encrypted
but that is subject to the same problem. The common use case for this
is to encrypt the communication between the card and a remote host
utilizing the card (e.g. ATM and bank) but that a preshared key etc. has
already been setup.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Re: Communication with card reader encrypted? [ In reply to ]
Thanks for clarification!

On Mon, Aug 27, 2018 at 11:51 AM, Werner Koch <wk@gnupg.org> wrote:
> The connection between the card reader and the host is not encrypted
> because that would require a key setup first and that would also be
> subject to key logging.

The host could provide a public encryption key to the card reader. Of
course:

* With a tampered USB cable, there still would be attacks possible,
though different ones. That is, unless the reader can know the
identify of the host, which would again require a priori exchange,
so nothing gained.

* This is very likely not part of the existing API (PC/SC?).

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users