Crypto-stick (OpenPGP USB stick)

Date: 2012-04-29

Note

The Crypto-stick (version 1.2) is a tiny USB stick based on the OpenPGP Smartcard standard.

Crypto-stick v1.2

The current version lets you store 3 RSA keys of 4096 bits each. Hopefully, future versions will let you store more than that.

It has a little red LED that lights up on any activity, which neatly alerts you if anything attempts to use your stick. In a nutshell, if the LED lights up while you're not authenticating, encrypting, or otherwise using the stick, something malicious is going on (that means remove the stick ASAP and check your computer).

Issues

While it works with all major operating systems (it even works on Android if you're willing to hack things around a bit and you have a USB host port and cable, as on the SGS2 for example), it has at least 2 physical flaws.

  • It’s too wide. In many cases (laptops, hubs, etc.) this blocks the USB ports next to the one used by the crypto-stick!
  • It's not shielded. The stick is vulnerable to TEMPEST-like attacks.

Fixes!

Both are, however, easy to fix. With a small screwdriver or a knife, pop the translucent casing open. It won't break.

  • Wrap the stick in electrical tape, but leave a small area open for the LED (as small as possible).
  • Wrap the stick again with tin foil, or better, copper tape if you have it (it's a lot more expensive). Make sure you can still see the LED, but again, the area left open should be as small as possible: the shielding efficiency depends on this a lot. There should be no other opening.
  • Since you wrapped the stick with electrical tape first, there should be no contact between the tin foil and the circuit board or its components. The only exception is the USB plug itself, which sticks out.
  • With a soldering iron, solder a little blob of tin onto the surface of the USB plug. That surface is the ground and shield of the plug itself. Solder it to the tin foil or the copper tape. Soldering on tin foil is difficult, so don't lose patience, or just get copper.
  • Verify that you have good connectivity between the plug and the tin foil/copper using a voltmeter.
  • Finally, wrap the whole thing again in either electrical tape or shrinkwrap. I also use clear tape above the LED for protection, and to retain the Crypto-stick serial number.

Electrical tape is used to avoid short circuits.

Tin foil wrapped! Make sure it's grounded.


Hackish, but functional.