Open amluto opened 9 years ago
The only way to disable NFC access is to insert a checking code that checks for the protocol in use via the APDU class's getProtocol() method when receiving APDU commands. When the protocol is from a Contactless interface, it can simply skip the command and ignore via sending 0x6F00 error or some equivalent error.
The problem would be the what-ifs the hardware only respect contactless mode then the above code change would be devastating by simply ignoring all APDU commands until you delete the applet and reload one with yet another revision of codes.
Another thing to consider is how to manage the switching off and on of the software contactless disable flag I mentioned above. If Yubico implements a contactless disable flag in software, such an option does not exist in the OpenPGP specification and this OpenPGP applet is merely trying to follow the OpenPGP specifications.
If you are using the Yubikey NEO, it would be highly advisable you use it over USB instead of NFC interfaces. If you are worried of people walking pass you to sniff your Yubikey, you could use one of those NFC/RF protection wallets or pouches or make your own with a tightly sealed aluminium case if you have good handicraft skills.
In fact I do prefer the hardware isolation via some NFC/RF protection cases or pouches because a software disable switch have to rely on the software on the lower layers of the stack and hardware isolation via NFC/RF protection pouches and cases immediately isolates your Yubikey when you are not using it. When using it, you should only be using it via USB if you are afraid of NFC related attack surfaces and you should be isolated in a room with an air-gapped computer as the very least OPSEC measure and also without any portable devices you suspect might introduce vulnerabilities in your OPSEC scheme.
What exactly is being referred to as far as plain text? The whole thing with OpenPGP in the YubiKey is that it is a black box that is secure, right? Or am I missing something?
I never use my OpenPGP applet over NFC and, given that the OpenPGP password protocol is very weak (plaintext-equivalent AFAICT instead of using some secure challenge-response protocol or PAKE), I'd rather just disable access over NFC. Could this be added?
A way to generally disable CCID-over-NFC on the Neo using mode switching would also work.