
Avoid on-disk cache for private data?

Open frankmorgner opened this issue 4 years ago • 6 comments

Problem Description

In discussing https://github.com/OpenSC/OpenSC/issues/2208, on-disk file caching was suggested to speed up initializing the card. This is uncritical for public data. However, some objects may be flagged as private (SC_PKCS15_CO_FLAG_PRIVATE), which requires user authentication before allowing them to be read. On the one hand, I think it would be useful to not save such data on disk to prevent an unauthorized read. On the other hand, the file caching directory is created so that nobody else can read it (mask 0700 on Unix; User's application data on Windows).

Should we try to avoid caching private data or is this unreasonable given the limited access to the caching directory?

frankmorgner avatar Jan 25 '21 15:01 frankmorgner
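As an added illustration of the policy debated above (example code, not OpenSC's own): objects carrying the private flag are written to the on-disk cache only when the user has opted in, and the cache directory is used only if it satisfies the 0700 condition from the post. `CO_FLAG_PRIVATE` is a hypothetical stand-in for `SC_PKCS15_CO_FLAG_PRIVATE`, and POSIX file semantics and a writable `/tmp` are assumed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define CO_FLAG_PRIVATE 0x01u /* hypothetical stand-in for SC_PKCS15_CO_FLAG_PRIVATE */

/* Policy: public objects may be cached; private ones only if the user opted in. */
int should_cache_on_disk(unsigned int obj_flags, int allow_private_cache)
{
    return !(obj_flags & CO_FLAG_PRIVATE) || allow_private_cache;
}
/* The 0700 condition from the issue: owned by the caller, no group/other bits. */
int cache_dir_is_private(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != getuid())
        return 0;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}
/* 1 = written, 0 = skipped by policy, -1 = I/O error. The file is created 0600
 * at open() time, so the data is never exposed through a wider umask. */
int write_cache_entry(const char *dir, const char *name, unsigned int obj_flags,
                      int allow_private_cache, const unsigned char *data, size_t len)
{
    char path[4096];
    if (!should_cache_on_disk(obj_flags, allow_private_cache) || !cache_dir_is_private(dir))
        return 0;
    snprintf(path, sizeof path, "%s/%s", dir, name);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    if (write(fd, data, len) != (ssize_t)len) { close(fd); return -1; }
    return close(fd) == 0 ? 1 : -1;
}

/* Self-check on a fresh mkdtemp() directory (mode 0700); returns 1 on success. */
int self_check(void)
{
    char dir[] = "/tmp/pkcs15cacheXXXXXX", path[4096];
    const unsigned char blob[] = "constructed sample object"; /* constructed data */
    if (!mkdtemp(dir)) return 0;
    int ok = write_cache_entry(dir, "pub", 0, 0, blob, sizeof blob) == 1
          && write_cache_entry(dir, "priv", CO_FLAG_PRIVATE, 0, blob, sizeof blob) == 0
          && write_cache_entry(dir, "priv", CO_FLAG_PRIVATE, 1, blob, sizeof blob) == 1
          && chmod(dir, 0750) == 0 /* widen the directory: the 0700 check must now fail */
          && write_cache_entry(dir, "pub2", 0, 0, blob, sizeof blob) == 0;
    snprintf(path, sizeof path, "%s/pub", dir);  unlink(path);
    snprintf(path, sizeof path, "%s/priv", dir); unlink(path);
    return rmdir(dir) == 0 && ok;
}
```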

And please use standard paths, even on macOS, to avoid Sandbox issues.

metsma avatar Jan 25 '21 17:01 metsma

Could you give more details?

frankmorgner avatar Jan 25 '21 22:01 frankmorgner

https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html

Chapter: The App Sandbox Container Directory

metsma avatar Jan 26 '21 10:01 metsma

Let's get back to the original question:

Do you think that

  • [ ] yes, we should avoid caching private data or
  • [ ] no, we should cache private data, because its access is restricted to the current user?

Unfortunately, a "thumbs up" is ambiguous, here...

frankmorgner avatar Jan 29 '21 16:01 frankmorgner

Hi! I think having this configurable would solve the issue, and leave that dilemma to the end user selecting the best way for his use case. Would that be possible? Having at least public data cached would be desirable for some.

szszszsz avatar Jul 08 '21 14:07 szszszsz

I vote to never cache private data.

dengert avatar Jul 08 '21 21:07 dengert

@szszszsz @frankmorgner @dengert can you check #2588 if it looks good for you?

Jakuje avatar Aug 16 '22 12:08 Jakuje

Looks OK to me.

I should point out card-piv.c loads and caches certificates to obtain the public key type, size and parameters. This is the only way to determine the existence of public and private keys and attributes. The internal caching was also added to avoid doing any other APDU to the card between a context-specific verify APDU and a signature operation, which is enforced by the card. Early versions of Mozilla code would do a C_Login, then C_FindObjects for certificates, then issue a C_Sign, which would fail if the certificate needed to be read off the card again.

dengert avatar Aug 16 '22 15:08 dengert