[guardian-dev] using a g10 smartcard for our APK signing key

Abel Luck abel at guardianproject.info
Thu Nov 14 06:58:59 EST 2013


Hans-Christoph Steiner:
> 
> I was thinking that we should use one of these OpenPGP smartcards for the
> signing key we use for signing our official APK releases.  They are supposed
> to work for X.509 keys as well.  Anyone have an experience using jarsigner and
> keytool, or Android even, with these smartcards?
> 
> They also promise that it is not possible to read the secret key off of them.
>  I wonder if that promise is strong enough that we could plug one of these
> into our nightly build server so that our nightly builds would share the same
> key as the official releases.
> 
> .hc
> 

Interesting idea. Though even if it was impossible to read the secret key off, for the
system you proposed to work, the card must remain plugged in unattended with no PIN
protecting the key.

If the box was compromised or the smartcard physically stolen/accessed, the attacker could
sign anything.

I guess it depends on what we assess our physical security threats to be and whether we
are worried about the automated build server being compromised and renegade builds signed.

~abel

