[1146] in cryptography@c2.net mail archive
Is PKCS#11 broken, or is it just me?
daemon@ATHENA.MIT.EDU (Marcus Leech)
Wed Jul 2 15:54:58 1997
From: "Marcus Leech" <mleech@nortel.ca>
To: cryptography@c2.net
Date: Wed, 2 Jul 1997 14:29:48 -0500 (EDT)
I've been looking over the PKCS#11 V2.0 document, and I've come to the
conclusion that it's broken.

My understanding of the way it works is that the user "logs in" to the
card, using a PIN, and acquires a "session". The card, therefore, is
stateful, and presumably any process that can then get to the card
can cause it to do useful things (sign documents, decrypt files, etc).

If I were designing the interface, I'd insist that all transactions that
would need access to private-key storage in the "cryptographic module"
require a passphrase, that is used to generate the key that was used to
encrypt the private key. In this model, the "attacker" who is able
to gain access to the card (too-liberal permission on /dev/smartcard, for
example) would still be unable to do anything useful with it; they'd
need to be able to snarf the passphrase as well.

In reality, do implementors of PKCS#11 use the "PIN" as a passphrase,
and thus have the private key "in the clear" for the duration of a
login?

On a related note--does anyone have a public-domain PKCS-11 implementation
that I can play with?

--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M86, MS 012, FITZ
Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
Messaging and Security Infrastructure Fax: (ESN) 395-1407 +1 613 765 1407
Nortel Technology mleech@nortel.ca
-----------------Expressed opinions are my own, not my employer's------
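
The two models contrasted in the message above, as an added example that is not part of the original post and is not PKCS#11 code. `SessionToken`, `PerOpToken` and `second_caller_can_sign` are hypothetical names; the HMAC "signature" and the PBKDF2-derived XOR wrap are assumptions standing in for a card's private-key operation and its key-wrapping cipher, and the private key is assumed to be 32 bytes.

```python
import hashlib, hmac, os

def _keys(secret, salt):
    # Derive a wrapping pad and a MAC key from the PIN/passphrase (PBKDF2).
    k = hashlib.pbkdf2_hmac("sha256", secret, salt, 10_000, dklen=64)
    return k[:32], k[32:]

def wrap(priv, secret):
    # Toy wrap (assumption): XOR pad plus MAC so a wrong secret is detected.
    salt = os.urandom(16)
    pad, mac_key = _keys(secret, salt)
    ct = bytes(a ^ b for a, b in zip(priv, pad))
    return salt, ct, hmac.new(mac_key, ct, "sha256").digest()

def unwrap(blob, secret):
    salt, ct, tag = blob
    pad, mac_key = _keys(secret, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, "sha256").digest()):
        raise PermissionError("wrong PIN or passphrase")
    return bytes(a ^ b for a, b in zip(ct, pad))

class SessionToken:
    """Stateful model: one login, key stays usable for the whole session."""
    def __init__(self, priv, pin):
        self._blob, self._key = wrap(priv, pin), None
    def login(self, pin):
        self._key = unwrap(self._blob, pin)
    def sign(self, data):
        if self._key is None:
            raise PermissionError("not logged in")
        return hmac.new(self._key, data, "sha256").digest()

class PerOpToken:
    """Model proposed in the post: each private-key use needs the passphrase."""
    def __init__(self, priv, passphrase):
        self._blob = wrap(priv, passphrase)
    def sign(self, data, passphrase):
        key = unwrap(self._blob, passphrase)  # unwrapped only for this call
        return hmac.new(key, data, "sha256").digest()

def second_caller_can_sign(token, *args):
    # A caller that reaches the token but was never given the secret.
    try:
        token.sign(b"doc", *args)
        return True
    except PermissionError:
        return False
```

Once `login` has been called on a `SessionToken`, `second_caller_can_sign` returns `True` for any caller holding the object; on a `PerOpToken` it stays `False` without the passphrase.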