SSH with GoldKey tokens on OS X (part I)

Earlier posts discussed how GoldKey tokens are compatible with PIV standard and can be used on Windows for traditional smart-card scenarios such as BitLocker  disk encryption or logon with Active Directory. This update considers a different use case with the exact same hardware, which this blogger has been piloting with Airbnb engineering team: SSH from Apple OS X. In theory this should be easier compared to the use-cases already covered. SSH authentication protocol uses raw public-keys and does not care for X509 certificates or other data-objects (such as the CHUID or security-object) defined in such exacting detail by NIST SP 800-73. If the Windows use-cases only touched on a small subset of PIV capabilities (for example, only the PIV authentication certificate and keys are involved in domain-logon or TLS client authentication) SSH calls for even less functionality.

Middleware all the way down

The complication lies in the middleware. Applications such as SSH or a web browser are rarely written with one particular model or brand of cryptographic hardware in mind. Instead they pursue broad compatibility by accessing such hardware using an interface that abstracts away implementation quirks, communication interfaces and specific commands syntax required to perform high-level operation such as signatures. As long as software exists that conforms to this interface– typically authored by the hardware vendor– the card/token/gadget in question can be transparently used for all of the same code paths.

One problem is that this magical interface is not standardized across platforms or even applications on the same platform. For example on Windows, preferred way of exposing cryptographic hardware to the platform is via smart card mini-drivers, a proprietary standard defined by MSFT. Not to be left behind, Apple has its own proprietary interface called “tokend” for the same purpose. Just in case one suspected this reinvention of the wheel was confined to closed platforms, openssl also defines its own abstraction called engines.

The closest any interface can be said to have at least aspired towards “standard” status is PKCS #11. PKCS stands for Public-Key Cryptography Standards, a series of specifications developed by RSA (now owned by EMC) in the early 1990s. While some specifications were later published as RFCs in the spirit of a true modern standard, others remained under RSA control or turned over to other private industry consortia. Among these standards, PKCS #11 is titled “cryptographic token interface.” It defines a fixed API to be implemented in a “module” for each type of cryptographic hardware, providing a uniform way for developers to access the underlying functionality. (Somewhat confusingly there is also PKCS #15, which defines low-level functionality and communication protocol for an on-card application implementing cryptographic functionality. PKCS #11 does not assume that the card application complies with PKCS #15; it is a higher-level interface designed to hide away those details.)

Luckily openssh— the popular implementation of SSH protocol shipping with OS X and many Linux flavors– has settled on PKCS #11 for its choice of hardware abstraction. Returning to the problem of using a GoldKey for SSH, as long we have a suitable PKCS #11 module this scenario is theoretically supported. Even better this module need not be specific to the GoldKey or depend on GoldKey corporation to write a single line of code. Since the token closely (but not exactly) follows the widely used US government PIV standard, generic middleware developed for traditional PIV scenarios– government, defense, enterprise– is sufficient.

“Macintrash” problem for smart-cards

Windows users might be forgiven for assuming such middleware must already exist in the OS. After all PIV middleware (albeit in the form of mini-drivers rather than PKCS #11) has shipped out-of-the-box starting in Windows 7 in 2009. No additional software is necessary for the operating system or any application to use PIV cards, effectively plug-and-play for cryptographic hardware. Credit for that level of convenience goes to commercial pressure from US federal contracts requiring PIV support, a key constituency that MSFT could not afford to ignore. OS X on the other hand has never aspired to be an enterprise-grade platform. To the extent that it has found acceptance in enterprise and government sectors, that success appears to have been in spite of Apple. Not surprisingly then, OS X has the worst smart-card support among the triumvirate of major desktop OS platforms. Apple even went so far as to remove the built-in tokend in OS X 10.7 Lion that once enabled CAC/PIV cards support, ceding that ground to third-party providers such as Thursby.

OpenSC to the rescue

Since there is no built-in PIV support in contemporary OS X, first order of business is locating alternative middleware. While there are commercial third-party offerings for PIV on OS X, there is also a popular open-source option with an extended track record: OpenSC. This cross-platform project provides a PKCS #11 module compatible with PIV standard as well as tokend and openssl engines for additional use cases.

The remaining posts in this series will describe the end-to-end process (including provisioning of PIV credentials, which is tricky because standard PIV does not grant card-holders this privilege) for getting this scenario working with opensc.



Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s