
Allowing key import #10

Closed
frankmorgner opened this issue Oct 18, 2016 · 4 comments

Comments

@frankmorgner

What's the reason for the key import being disabled by default (https://github.com/philipWendland/IsoApplet/blob/master/src/net/pwendland/javacard/pki/isoapplet/IsoApplet.java#L62)?

@philipWendland
Owner

I discourage its use. I don't think that this is the right way to use a smart card.

From the Wiki:

Private key import

DEF_PRIVATE_KEY_IMPORT_ALLOWED (default: false): Configure whether it is allowed to import usable private keys. If allowed, you can use pkcs15-tool --import-key to import any off-card created private key to your smartcard.

Attention! Importing private keys is not recommended. The key generation process is the weakness of asymmetric cryptography. The data transmission channel to your smartcard is not encrypted. In some circumstances, an attacker could sniff your private key while you import it to your smartcard. An attacker could also read your private key even before it is imported to the smartcard. For that reason I recommend using the on-card key pair generation feature of the applet. If the key is generated on the card, and never leaves your card (because cryptographic operations using that key are performed directly on the smartcard - that is the reason for smartcards!), chances are lower that the key is compromised. However, there are circumstances that could require you to safely keep a copy of the private key in order to safeguard yourself from locking of the applet or destruction of the card. In this case, you can use the private key import feature, and I presume you know what you are doing.

@frankmorgner
Author

This should be a choice made by the user.

Personalization is always a critical process whether the key is imported or not. If you're generating the key on the card you still need to make sure that you're not issuing a certificate for another key. If you have those technical and organizational measures in place then you could use them to secure the process of externally generating a key and importing it to the card.

@lucasperin

I disagree. I think this option should be decided by the card provider/developer.
If the user wishes to have a card that allows imported keys and he knows what he is doing, then he should ask for a card for this specific purpose. Allowing users to have high customization options for a cryptographic card is shooting yourself in the foot. The user generally doesn't know what he is doing and will blame you or your company for providing "insecure" services.

"DEF_PRIVATE_KEY_IMPORT_ALLOWED (default: false)" is the right choice when sharing this applet on github. You can fork it and change it if you must.

@philipWendland
Owner

I agree with @lucasperin.
However, I might consider your input @frankmorgner if I find the time to extend the IsoApplet with a SO PIN or similar.
