Why are smart cards better than passphrase-protected key files?

Good cryptography is not broken, it is bypassed. It is not possible, with current technology, to break a 2048-bit RSA key; the mathematics behind such a key are sound. The much more obvious attack vector is to bypass the secure mathematics entirely by stealing the secret key file and either sniffing or brute-forcing the passphrase. This is the threat model that smart cards protect against.

How does the smart card protect the secret key?

The secret key on the card is a write-only data object. Once the key is generated or stored on the card, there is no way to read it back out.

The cards we are using are manufactured by NXP; they are the J2A040 and J3A040 cards. These cards have gone through a Common Criteria security evaluation and are certified to be secure to the level of EAL5+. Additionally, NXP incorporates into these chips technologies aimed at defeating simple and differential power analysis, timing and fault attacks.

Is the card open source?

Absolutely! The SIGILANCE OpenPGP Smart Card runs a fork of the Yubikey NEO OpenPGP applet, and you can inspect the source code here. This fork was initiated after the 1.0.9 security vulnerability was addressed; SIGILANCE OpenPGP Smart Cards were not affected by this vulnerability.

What are the differences between the Yubico OpenPGP applet and the SIGILANCE fork?

You can view a diff of the changes here. The SIGILANCE fork fixes a confusing error message and adds support for the private use data objects defined in the OpenPGP specification. These changes have been submitted to Yubico in case they wish to adopt them. Additionally, the SIGILANCE fork adds a line of code to set the historical bytes of the smart card, something that is not necessary on the Yubikey NEO.

Why RSA-2048?

The SIGILANCE OpenPGP Smart Card is built on the JavaCard 2.2.2 platform, which only supports RSA up to 2048 bits. Longer RSA sizes are available on other platforms, like BasicCard, but operations with longer keys take longer; on a BasicCard, going from a 2048-bit key to a 4096-bit key increases the time to decrypt an email from a half a second to upwards of 3.5 seconds. Especially when decrypting a long email thread, this is a major hit to usability.

How secure is RSA-2048?

Very secure. As background, an RSA-768 modulus was factored in 2009. This is the largest factorization to date, and it took 1500 computer-years of processing. RSA-1024 is 1,000 times more difficult than RSA-768, which means factoring a 1024-bit RSA key would take 1.5 million computer-years. RSA-2048 is 4.3 billion times harder to factor than RSA-1024. It would take approximately 6.4 quadrillion computer-years to factor a 2048-bit RSA key.

How secure is the NFC interface?

The protection around the NFC interface is more physical than cryptographic. That is to say: at this time there is no encryption of the data going over the NFC interface. Transmissions from the smart card to the Android device can be picked up by specialized equipment to a distance of a few centimeters. Transmissions from your Android device to the card can be picked up to a distance of a few meters. A dedicated attacker in the same room might be able to detect your PIN; a dedicated attacker sitting next to you might be able to intercept decrypted session keys. Still, your secret key material is not at risk in this scenario.

These attacks only apply while you are actively using the card; when the card is sitting in your wallet, the primary concern is a denial of service attack (an attacker entering wrong PINs to lock you out of your card). The attacker would still require close physical proximity, and you can mitigate the risk of this kind of attack by using the RFID-blocking card protector that is included with your NFC-enabled SIGILANCE card.

Speaking personally: I tend to only use the NFC interface when I am at home, and not in a public place like a train or a coffee shop. You must evaluate whether this is acceptable for your individual security needs. If you believe you are at risk for such an attack, you may wish to use a contact-only card, along with a smart card reader.

What if I have a question that is not answered here?

Feel free to get in touch: help@sigilance.com