7

Using the Yubikey 4 as an OpenPGP smartcard with GnuPG: How is the user PIN and user passphrase secured?

In case a sophisticated attacker with physical access to the Yubikey 4 manages to physicaly extract the private-key under the microscope without knowing the user PIN and user passphrase:

  • What encryption (cipher, mode, hashing, etc.) is in place at this "last resort" to protect the private-key?

  • Is this very last cryptographic barrier made from GnuPG code or does the Yubikey manufacturer coded his own version?

    • Since Yubikey 4 states its a compatible OpenPGP smartcard - does it mean it has the same PIN/passphrase protection as the G10 Smartcard?
Jens Erat
  • 23,446
  • 12
  • 72
  • 96
user3200534
  • 851
  • 8
  • 19

1 Answers1

2

Given there was a bug allowing you to use the private key without the PIN (passphrase) being validated, I derive the card does not actually encrypt the private keys (like it would have been done when using "normal" keys with passphrase protection with GnuPG):

The source code contains a logical flaw related to user PIN (aka PW1) verification that allows an attacker with local host privileges and/or physical proximity (NFC) to perform security operations without knowledge of the user’s PIN code.

I'm not aware this changed, but only the verification was fixed in current releases. With other words, the secret keys on a YubiKey are stored unencrypted, and sophisticated attackers able to read the key's storage are able to extract the unencrypted private keys.

Jens Erat
  • 23,446
  • 12
  • 72
  • 96
  • 1
    This security flaw affected only Yubikey NEO (!) and since you can't re-flash the firmware, the company offered a replacement of the affected devices. --- My question is regarding the Yubikey 4. There is no such flaw affecting Yubikey 4, from what I read. – user3200534 Jan 03 '16 at 19:50
  • This very special bug indeed only affects given versions for the YubiKey Neo, but there is no indication anything changed with respect to encrypted storage of keys. The nature of the bug implies unencrypted storage of keys on the YubiKey. The bug is not the issue anyway considering your question, you asked for whether the keys are encrypted, where the bug clearly indicates "no". – Jens Erat Jan 03 '16 at 19:57
  • But where does it say, that the key is left unprotected at the Yubikey 4 - so the PIN doesn't decrypt the key? -- It solely says, an attacker with knowledge of the PIN can use the Yubikey 4. The PIN is exposed to high risk of trojan/keylogger on the computer when you type it. – user3200534 Jan 03 '16 at 20:06
  • 1
    I have not seen any information on the Yubikey 4's applet (which will not be much different from the old ones, if different at all) that would say it now encrypts the private keys. The old ones definitely do _not_. – Jens Erat Jan 03 '16 at 20:08
  • @JensErat - I just discovered that the [Yubikey 4 applet is closed-source](http://security.stackexchange.com/questions/122959/is-the-openpgp-implementation-of-the-yubikey-4-open-source), so we will probably never know. – Jonathan Cross May 11 '16 at 14:02