Author

Topic: Smart card selection (Read 1374 times)

newbie
Activity: 42
Merit: 0
May 12, 2013, 07:12:11 PM
#6
There's BasicCard and OpenPGP cards. Im not sure they got what you want. I think the OpenPGP cards are like 15 euros apiece though. BasicCards are a lot cheaper
hero member
Activity: 623
Merit: 500
CTO, Ledger
May 11, 2013, 04:06:55 AM
#5
yes if you're not looking for something fully certified you can evaluate our solution - if you're attending Bitcoin 2013 you can grab a sample there otherwise PM me your details and I'll send you one.
newbie
Activity: 16
Merit: 0
May 11, 2013, 03:53:15 AM
#4
Huh, just read your sig. I suppose that's another option, too.  Smiley
newbie
Activity: 16
Merit: 0
May 11, 2013, 03:52:00 AM
#3
Do you mean smart card or HSM here ? (I wasn't aware that SafeNet was producing any card, but I might be wrong here).

They make a variety of cards and USB tokens. An HSM is overkill and way too expensive for my use case. Really I'm just looking to generate and store my private keys in a smart card. I'm looking for certifications mostly as a stand-in for satisfying my personal paranoia; I'm not looking to do any commercial development with them at this phase.

The main issue you'll see with most (all ?) smart card implementations is that while the hardware has some kind of certification, the software is not fit for Bitcoin specific use case, if you want to fully support the protocol onboard - in the easiest use case (Java Card) you'd need a way to perform a signature over the secp256k1 curve with SHA 256, which is not something provided by the Java Card standard. There are a few proprietaries implementation though - (you can search for ALG_ECDSA_SHA256 on Google) - but I'm not sure they are easy to obtain, and it would most likely lock your implementation to a single provider.

I'm afraid other options to get a certified product are pretty long and costly (again, if you want to fully support the protocol onbard) - you'd work on a certified hardware, implement a certified ECC signature on top of it, then the Bitcoin application (which might change frequently considering the standard is not frozen, another issue for the certification). Before that you need to define your certification profile.

I'd also stay away from a pure Java Card ECC crypto implementation considering it'd be very slow and pretty much vulnerable to side channel attacks as well as more intrusive attacks.

Another approach (the one we chose) can be to design a non certified application on certified hardware, which is IMHO good enough for the time being (i.e. better than everything else using non certified hardware from a security point of view, and ready for certification in case someone is interested enough to jump through all hoops) - in this case, you'll need to pick the hardware platform - pretty much all usual vendors will offer something certified at the hardware level - then buy/design yourself the crypto library (the hardware will only provide you accelerated modular arithmetic operations), then design yourself the Bitcoin application.

This is helpful, thanks. I'm hoping for something with an actual implementation, because I'm comfortable writing a PKCS#11 application, but less so making with implementing actual cryptographic operations - I'm certain to get it wrong somehow.

I'm thinking I'll send an inquiry to SafeNet and see whether they support the curves and the specific mechanism I need. Of course, I have no idea how one goes about buying a small quantity of *anything* from these guys.
hero member
Activity: 623
Merit: 500
CTO, Ledger
May 11, 2013, 02:19:59 AM
#2
Do you mean smart card or HSM here ? (I wasn't aware that SafeNet was producing any card, but I might be wrong here).

The main issue you'll see with most (all ?) smart card implementations is that while the hardware has some kind of certification, the software is not fit for Bitcoin specific use case, if you want to fully support the protocol onboard - in the easiest use case (Java Card) you'd need a way to perform a signature over the secp256k1 curve with SHA 256, which is not something provided by the Java Card standard. There are a few proprietaries implementation though - (you can search for ALG_ECDSA_SHA256 on Google) - but I'm not sure they are easy to obtain, and it would most likely lock your implementation to a single provider.

I'm afraid other options to get a certified product are pretty long and costly (again, if you want to fully support the protocol onbard) - you'd work on a certified hardware, implement a certified ECC signature on top of it, then the Bitcoin application (which might change frequently considering the standard is not frozen, another issue for the certification). Before that you need to define your certification profile.

I'd also stay away from a pure Java Card ECC crypto implementation considering it'd be very slow and pretty much vulnerable to side channel attacks as well as more intrusive attacks.

Another approach (the one we chose) can be to design a non certified application on certified hardware, which is IMHO good enough for the time being (i.e. better than everything else using non certified hardware from a security point of view, and ready for certification in case someone is interested enough to jump through all hoops) - in this case, you'll need to pick the hardware platform - pretty much all usual vendors will offer something certified at the hardware level - then buy/design yourself the crypto library (the hardware will only provide you accelerated modular arithmetic operations), then design yourself the Bitcoin application.





newbie
Activity: 16
Merit: 0
May 11, 2013, 01:54:17 AM
#1
Hi there,

I'm trying to pick a hardware token / smart card that supports the elliptic curve used in Bitcoin (secp256k1). I'm having some trouble finding one - I've seen SafeNet's smart card that claims to have p256, but my understanding is that that named curve is slightly different than the one needed here. I thought I saw a JavaCard software implementation floating around somewhere, but random unvetted crypto implementations make me nervous.

Can anyone recommend a solid smart card or hardware token that has FIPS / CC certification with support for secp256k1?
Jump to: