Updated: Never — Philip's Blog

Now featuring regular updates!

Mon, 29 Sep 2008

17:32 – Why you should distrust your Belgian eID card

Wouter blogs about how you can SSH with your Belgian eID card.

Unfortunately, he fails to mention that this is a very bad idea because the cards cannot be trusted.

The private key on the card has been generated by an entity that is not you and which you cannot trust for this purpose. You cannot be reasonably sure that no clandestine unencrypted copies of your private key exist under government control or under the control of a disgruntled government employee or contractor.

Rule #1 of healthy use of cryptography: generate your own keys. Trust nobody.

Do you really want to allow the government to SSH into your machine? Or the disgruntled government employee who, incidentally, can already impersonate you to buy a house?

If the system generating the private keys is compromised in any way, any users of the cards are fucked (to put it mildly). Your private key is "you" in a number of ways that matter quite a lot.

What about certificate revocation lists (CRLs)? I hear you cry.

Rule #2 of healthy use of cryptography: nobody ever checks CRLs. To rely on them is foolish.

Wouter's example demonstrates this rather nicely: the public key is copied directly into the authorized_keys file on the server. No CRL is ever consulted. An entry in a revocation list that nobody checks does nothing to stop a compromised key from authenticating to the system.
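To make the gap concrete, here is an added example (not code from the original post, from Wouter's setup, or from OpenSSH). It models the two checks side by side: the plain "is this blob in authorized_keys?" test that Wouter's setup amounts to, and the same test preceded by a lookup in a local revocation list keyed by SHA256 fingerprint, which is the shape of the mechanism later versions of OpenSSH expose through the `RevokedKeys` option in sshd_config. The key material, the authorized_keys contents and the revocation list are all constructed in the script; the 32-byte Ed25519 "public key" is just a fixed byte pattern with the right length, not a real key pair.

```python
import base64
import hashlib
import struct

# Constructed sample key material: a fake 32-byte Ed25519 public key value.
# Only the length matters for the wire encoding; this is not a real key pair.
CARD_PUB = bytes(range(32))
OTHER_PUB = bytes(range(32, 64))


def ssh_string(b: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def encode_ssh_ed25519(pub: bytes) -> str:
    """Build the base64 blob that appears as the second field of an authorized_keys line."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(pub)
    return base64.b64encode(blob).decode("ascii")


def fingerprint(b64blob: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -l` prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(b64blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_authorized_keys(text: str) -> list:
    """Return (keytype, base64blob) for each key line; options before the key type are skipped.

    Blank lines and comment lines are ignored, as sshd does. This parser does not
    handle every quoting corner case of the options field; it is a model, not sshd.
    """
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        for i, field in enumerate(parts):
            if field.startswith("ssh-") or field.startswith("ecdsa-"):
                keys.append((field, parts[i + 1]))
                break
    return keys


def naive_is_authorized(presented_blob: str, authorized_text: str) -> bool:
    """What copying a public key into authorized_keys buys you: blob match, nothing else."""
    return any(blob == presented_blob for _, blob in parse_authorized_keys(authorized_text))


def checked_is_authorized(presented_blob: str, authorized_text: str, revoked: set) -> bool:
    """Same test, but a key whose fingerprint is on the local revocation list is refused first."""
    if fingerprint(presented_blob) in revoked:
        return False
    return naive_is_authorized(presented_blob, authorized_text)


def demo() -> dict:
    """Simulate a login with the card key after its certificate has been revoked."""
    card_blob = encode_ssh_ed25519(CARD_PUB)
    other_blob = encode_ssh_ed25519(OTHER_PUB)

    # Constructed authorized_keys file: the card key was pasted in, as in Wouter's example.
    authorized_keys = (
        "# constructed sample authorized_keys\n"
        f"ssh-ed25519 {card_blob} eid-card\n"
        f'from="10.0.0.0/8" ssh-ed25519 {other_blob} laptop\n'
    )
    # Constructed revocation list: the card key has since been revoked.
    revoked = {fingerprint(card_blob)}

    return {
        "naive_accepts_revoked_card_key": naive_is_authorized(card_blob, authorized_keys),
        "checked_accepts_revoked_card_key": checked_is_authorized(card_blob, authorized_keys, revoked),
        "checked_accepts_other_key": checked_is_authorized(other_blob, authorized_keys, revoked),
        "unknown_key_accepted": checked_is_authorized(encode_ssh_ed25519(bytes(32)), authorized_keys, revoked),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The naive check accepts the revoked card key because the server never asks anyone whether the key is still good; the second check refuses it only because the revocation was copied onto the server itself. That is the practical lesson of the paragraph above: a revocation you publish somewhere else is only as good as the verifier's willingness to fetch it, and an authorized_keys file fetches nothing.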

If any of the above scares you (which it should), I highly recommend you get the certificates on your eID revoked. Preferably, you should revoke the certificates as soon as you go to collect your eID.

Of course, revocation does not protect you against clandestine copies of the private key. Make sure the authority that revokes your keys signs a dated piece of paper, so you can prove the revocation later if a clandestine copy of your key is used to impersonate you.

Am I being paranoid?

Yes!

Why?

How do you feel about your "identity" being replaced by a private key which you did not generate and which you don't control? I find it incredibly scary.

Hi Philip

Did you actually get your own certificates revoked? And if so, what did you do to get that far?

Posted by Guy at Tue Sep 30 11:35:22 2008
Guy: yes, I got my certificates revoked. I printed out the "bijlage 10" from the Ministry of Truth (Rijksregister):

http://www.ibz.rrn.fgov.be/fileadmin/user_upload/CI/eID/3%20Instructions/nl/ao_bijlage10_attest_activering_of_intrekking_v_certif.pdf

I had to educate the smurf at the gemeentehuis about this form, but in the end they revoked the keys. I also got them to sign a copy of the piece of the form stating that they have revoked my keys.

After the "huh? what?" it took all of ten minutes.

Posted by Philip Paeps at Tue Sep 30 13:26:43 2008
Thanks for this valuable information. I should get my eID before the end of this year, so I'm very happy to hear one can have the keys revoked. The form is saved and will soon be used to tickle the brain of a desk bunny in a city hall near you.

Posted by Tommy Bongaerts at Tue Sep 30 22:30:17 2008
Thanks Philip. I will have mine revoked too (didn't even know it was possible).

Posted by Guy at Wed Oct 1 10:40:00 2008
The key can only be generated by the card, they can NEVER leave it.

So they're safer than the software keys you generated yourself.

And if you don't trust the fact that the card doesn't allow keys to be written to it, then why should you trust your PC not to mail out all of your keys during the night or so?

Paranoids, duh..

Posted by Stef at Thu Feb 19 19:41:49 2009