Your Own Personal Enclave: The Smart Card Reader on the Librem 5


#1

We recently got the smart card reader functioning on our Librem 5 Dogwood batch and I realized we haven’t talked much yet about the smart card reader. In this post I will discuss why we decided to add an OpenPGP smart card reader to our phones and how we intend to use it.


#2

That is a pretty interesting read, I have never really used OpenPGP or smart cards before but now I am thinking about using it with my L5. When you say that you got it working on a Dogwood, does that mean that the software was updated to allow it to work or were there hardware changes between Chestnut and Dogwood that were required? I have a Chestnut, so I was just wondering if the smart card reader on it should work.

Also, does Purism have a recommendation for a good smart card to buy? (I did do a little searching for recommendations by Purism but I certainly could have missed something)


#3

I really like the article. The persona approach is interesting. I wonder if one could just store e.g. two home directories on the main internal disk and depending on what smart card was inserted it deciphers the one which matches and mounts this one. This way you would not need to switch a micro sd card for your traveling persona. This way you can comply at customs as described and once you are past customs download your second gpg key from your computer at home and re-create your non traveling persona.

As you described the downsides of the secure enclaves you also mentioned that system firmware, software is verified. Would this also be an option for the smartcard? So that e.g. when booting the system has to prove to the smartcard that the non encrypted software is ok? I guess we won’t need a control if the software we want to install checks out, as this is already done by apt.


#4

The risk with this approach is similar to the risk with a standard smartphone with disk encryption–in some countries you might be compelled to decrypt all encrypted volumes in extreme cases and if you carry all personas at all times the sensitive personas would still be at risk. Saying “I literally cannot decrypt this at this time because my smart card is at home” might prevent them from accessing the data then, but it could also lead to their confiscating the phone, detaining you, or preventing you from crossing the border altogether (or all of the above).

The safest approach when it comes to travel is one where you can fully comply with a search request (including unlocking a screen/decrypting a drive) and still lose no sensitive data.

This wouldn’t be an option for the smart card, but we intend to port PureBoot functionality like we have on our laptops to the Librem 5 in the future (it probably won’t be ready by Evergreen launch). In that case it would work like it does on Librem laptops, you would boot the phone w/ the Librem Key inserted (via a USB-A->USB-C adapter for existing Librem Keys) and see whether the Librem Key blinked green or red.

This can’t be done with the smart card by itself because it requires additional software to perform the HOTP algorithm that we have programmed onto the Librem Key.


#5

Thanks for the reply. Understood the problem with not fully complying - good point. In this case I guess the plan would be to do it as described in your post and then ssh/sftp back home to get everything which should not have passed customs.
I don’t travel a lot outside of Schengen, but I guess for someone crossing international borders a lot, just having to switch the sd, smart and sim card seems really convenient. Looking forward to how all this works in the end :slight_smile:


#6

@Kyle_Rankin: Thank you for the article, this is very good, interesting, and inspiring.

But I am a bit confused: when I create a private key and store it on the smart card, the private key cannot be read anymore, right?
I can use the saved private key for authenticating, or crypt/encrypt, but I (or anybody) can't read it as a text file, so nobody can brute force the file, right?
In this case, how can I back up the smart card?
I am confused, because if I can copy the private key file to another smart card, then I can read the file.

How does this work? Can I create a backup smart card anytime, or can I back up only at the time when I generate the private key, by copying the key file to all smart cards before I delete it from the file system?


#7

@Ylegreg since a smartcard behaves almost the same as the Librem Key you might want to look at that documentation.
I think your question regarding backups is explained here.
And yes, you need to do the backup during smartcard setup. If you don’t back up the keys before you copy them to the Librem Key/smartcard/yubikey/nitrokey they are gone.


#8

Thank you! I now understand. :slight_smile:


#9

Will it be possible then to hand your locked Librem 5 to any government on earth and say accurately “hit this with everything you’ve got to crack in. Use a supercomputer. Use a Quantum computer. It doesn’t matter what you throw at it. You’re not getting in. Only I can get in.”


#10

chances are that for most of us that won’t be necessary … besides if you’re under lockdown where will you travel to that will get you into a position like that ?


#11

Possible, yes. (You can absolutely do that with this or any other phone)
Advisable and accurate, no.

Time is the number one enemy of encryption in my experience. So even if you’re the only one who knows everything about the encryption, with enough time and effort it will be defeated.

Separate from that, why would a government hit the phone with a supercomputer when it can lock you in a hole in the ground until you comply and open it up?

As @Kyle_Rankin stated earlier, it’s best to be able to comply completely.


#12

worse things have happened … knock on wood :sweat:


#13

But “time” could very well equate to “millennia.”


#14

hi folks! :slight_smile:

5.2 and 5.18 are the most important here

also, u can search for steganography, but thats a subject of the previous stuffs, however there are also techniques to hide (encrypted) data into pics and videos, but the name of that doesnt come into my mind, probably just try “data hiding” :smiley:

btw the usa border is a subject of this, and i think it is the best to leave behind important stuffs or make them reachable online in a strongly encrypted form…

however what came into my mind is what if i just say them something like “hey bruhh, im totally into security and stuffs, like having blackbelt and all, what do u expect from unlocking anything? have u ever heard about the internet where ppl can access things, for example their own authenticated and encrypted stuffs that nobody will ever know they left there or accessed? then what on earth mr officer?” X’D they will say that protocol is protocol, show them my cute kitten memes and dicspics for the common good.

btw u will need to set up some fake 2ndary accounts with some updates under every 2nd constellations, and that can be revealed any time and then they will be the most happy, otherwise they would still suspect u and then do whatever… but still… showing them cute kittens fake accounts and what not on a librem with 1337h4xx02 stickers on it will make them think… the other day i got bored and checked out /g/ and anon have told us there that the real red pill is the blue pill and that is when u learn to roll with it and stay into the line and having a life :smiley: not following the commands blindly will leave traces and arise questions… so far now i lived in a belief that learning things makes life hard as it grows the surface of the yet unknown and sets up more (personal?) rules to follow, and this way while u earn keys to life by doing so, u will also collect weights into ur pockets … however this is a one direction way, not even lobotomy can really help anything, u will still need to learn, just yet again from more-or-less steps behind… one can have much easier life without knowing anything about security, big brother, whatever and co., but they will have their really bad headaches sometimes and they will live a happy life til one day all the missed preparation for life will pay off, and that can even be a game over… those ppl have the parallelism with “fat stock” for a reason… but right, its better to finish it here for now :smiley:

bests to all! :slight_smile:


#15

Do not comply —

Resist the :pig:!

I think the word you are looking for is “steganography”. :closed_lock_with_key::wink:


#16

lulz thx! :smiley: ive thought that steganography is only when one can have multiple encrypted containers inside the same “box” (whatever) where it isnt provable that there is yet another aspect of the whole that contains the real secrets… but i think u r right :smiley:


#17

No, definitely not.

Steganography is “hiding in plain sight” i.e. no strict need for encryption at all - although it is possible to encrypt first and then hide.

What you are talking about (multiple encrypted containers) is an example of “deniable encryption”. It is a common feature of encrypted file systems. Actual implementations of deniable encryption have known weaknesses but in my view are preferable to a single layer of encryption, because of mandatory key disclosure by torture or legal torture etc.


#18

thx :slight_smile:

actually ive never played with those and just recently found them, so they are still to be discovered for me… :smiley:

otherwise i just read the blogpost, and it was already mentioned there X’D (sorry, i open the links and then at a later point i consume them :smiley: )


#19

Seems like a fair question from a Chestnut owner. @Kyle_Rankin ?


#20

> Will it be possible then to hand your locked Librem 5 to any government on earth and say accurately “hit this with everything you’ve got to crack in. Use a supercomputer. Use a Quantum computer. It doesn’t matter what you throw at it. You’re not getting in. Only I can get in.”

If you are talking about your phone - No I think they can probably get in - with some difficulty. However, If they think you can’t hide something, then they are simply ignorant of the truth. Let me paint a picture for you. There is a concept called a “one-time key”. Now suppose you had a file that you wanted to hide. Perhaps it was this:


An obvious way to state this picture is 00000010101010000000000… (that is just the left hand line from bottom to top - just continue the number for each column). Now seeing as we have a number, we can do mathematical functions on it. A particularly interesting function is to add a random number, because anything plus random = random! So if you add a random number, you have gibberish that no supercomputer can crack. It is indeed mathematically impossible, because there is no algorithm. The random number might be a recording of fan noises for example. All you have to do then is subtract the same random number and you have your file.

So now instead of keeping a file that can be said to be something, you keep two gibberish files that are impossible to decode without bringing them together. Now we could take the two random files and encrypt them differently from each other. A supercomputer could decode one of the files eventually, but it will run into a small problem :slight_smile: The correct decryption is complete gibberish, so how do you ever know that you have succeeded?

Then we bring in the concept of steganography. Hide each encrypted gibberish file in a unique noisy picture that you shot yourself and it can’t be proven (or more importantly - suspected) to be there in the first place. Now put one half of one file on an old floppy drive and one half of the other file on your smartwatch, and the final piece on your phone - all legit working pictures. I think you can say that only a supreme being would stand a chance. Of course all the programs necessary are readily available for free!

So in short the governments of this world are idiots, encryption laws are bypassable and they always will be. All they are doing is endangering the protection of civilian assets (bank accounts - membership details etc.) by passing stupid encryption back door laws, they are not ever going to get the thing they think they will get.
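
The add-then-subtract split from post #20, as an added example that is not part of the original post: it shows that one share fits any same-length plaintext, and what leaks if one pad is used for two files. Byte-wise addition modulo 256 stands in for "add a random number", the pad comes from the operating system's random generator rather than a recording, and all function names and sample bytes are constructed for this illustration.

```python
import secrets

def mask(data: bytes, pad: bytes) -> bytes:
    """Add the pad to the data byte by byte, modulo 256."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the data")
    return bytes((d + p) % 256 for d, p in zip(data, pad))

def unmask(masked: bytes, pad: bytes) -> bytes:
    """Subtract the same pad to get the data back."""
    if len(pad) != len(masked):
        raise ValueError("pad must be exactly as long as the data")
    return bytes((m - p) % 256 for m, p in zip(masked, pad))

def split(secret: bytes) -> tuple[bytes, bytes]:
    """Return two shares (pad, masked); each alone is uniformly random."""
    pad = secrets.token_bytes(len(secret))  # OS CSPRNG, fresh for every file
    return pad, mask(secret, pad)

def pad_explaining(masked: bytes, claimed: bytes) -> bytes:
    """The pad under which `masked` would 'decrypt' to any claimed plaintext.

    One exists for every same-length plaintext, so a single share cannot
    confirm or rule out any guess.
    """
    return unmask(masked, claimed)

def reuse_leak(masked_a: bytes, masked_b: bytes) -> bytes:
    """With a reused pad the pad cancels: masked_a - masked_b == a - b."""
    return unmask(masked_a, masked_b)

if __name__ == "__main__":
    secret = b"meet at the pier"            # constructed sample data
    pad, masked = split(secret)
    print("recombined:", unmask(masked, pad))

    decoy = b"bring the ledger"             # constructed, same length
    print("decoy pad also fits:", unmask(masked, pad_explaining(masked, decoy)) == decoy)

    # Failure mode: one pad used for two files leaks their difference.
    leak = reuse_leak(mask(secret, pad), mask(decoy, pad))
    print("zero bytes mark positions where the files agree:", leak.hex())
```

The property holds only while the pad is uniformly random, as long as the file, and used once.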