End-to-end encryption ensures that only senders and recipients can read e-mail messages in plain text, thus providing effective protection against eavesdropping on sensitive data. However, encryption solutions are rarely used because their installation and use seem too complicated. Our goal is to improve the user-friendliness of encryption procedures by using biometric methods for user authentication. OpenPGP is an open standard for a cryptographic system that uses key pairs consisting of a public and a private key. Smart cards or USB tokens can be used to protect private OpenPGP keys from misuse. They also allow the same keys to be used everywhere without having to store them on several potentially insecure devices. An OpenPGP card is a smart card that stores private OpenPGP keys, protects them from misuse and provides signature, decryption and client/server authentication functions. To ensure that the OpenPGP card is only used by its authorized owner, a secret alphanumeric password is provided. However, many people find typing passwords annoying, as the number of passwords to remember is constantly increasing. Biometric user authentication can help. Verification of the dynamics of signatures written by hand on a touch screen is particularly suitable for user authentication on OpenPGP cards. Handwritten signatures have long been accepted as an authentication factor and are an expression of a writer's wilful decision.
Customized OpenPGP Android app
The open-source app OpenKeychain was selected as a suitable OpenPGP implementation under Android. An advantage of OpenKeychain is that other applications installed on the smartphone can use it. Of particular interest here is the e-mail app K9, also available as open-source software, which offers the possibility of encrypting, signing and decrypting e-mails with the help of OpenKeychain. We have modified OpenKeychain to allow user authentication using handwritten signatures in addition to user authentication with passwords. This means that the following additional functions are supported:
- Selection of the authentication method: If the OpenPGP card supports on-card signature verification, OpenKeychain prompts the user to sign for user authentication. The user can cancel signature capture and enter his or her password instead.
- Capturing signatures: This includes access to the touchscreen and the pre-processing and formatting of the captured signature data. The compact format standardized in ISO/IEC 19794-7 is used for the transmission of signature data (time series of the x and y coordinates) via the smart-card interface.
- Sending biometric data to the card: Signature data must be sent to the OpenPGP card both for user authentication and for changing the reference data.
OpenPGP smart card with on-card signature verification
Our OpenPGP cards with on-card signature verification are implemented using dual-interface (contact and contactless) Java cards. The version of the OpenPGP card specification that is also supported by OpenKeychain has been implemented. The most important card commands provided by the OpenPGP applet are COMPUTE DIGITAL SIGNATURE for calculating digital signatures and DECIPHER for decrypting. The specification provides two passwords (PW1 and PW3) as reference data for authentication:
- PW1 must be successfully checked before executing the COMPUTE DIGITAL SIGNATURE and DECIPHER commands.
- PW3 must be checked before executing administrative commands.
If signature capture is not possible, the card can also be used as a conventional OpenPGP card with password verification.
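As an added illustration (not the project's applet or OpenKeychain code), the following Python model captures the access rule stated above, that PW1 must be verified before COMPUTE DIGITAL SIGNATURE or DECIPHER, together with the PW1 retry counter and the choice between password and handwritten-signature verification. The VERIFY P2 values 0x81/0x82, the PSO P1P2 values and the status words are those of the OpenPGP card specification; the biometric VERIFY reference 0x84, the toy matcher and the rights a biometric VERIFY grants are assumptions of this model.

```python
# Spec values: PSO P1P2, VERIFY P2 for PW1, status words. PW1_BIO and toy_matcher are ASSUMED.
CDS, DECIPHER = (0x9E, 0x9A), (0x80, 0x86)  # PSO:CDS / PSO:DECIPHER P1,P2
PW1_SIGN, PW1_DEC = 0x81, 0x82              # VERIFY P2: PW1 for CDS / for DECIPHER
PW1_BIO = 0x84                              # ASSUMED P2 for on-card signature check
SW_OK, SW_SEC, SW_BLOCKED = 0x9000, 0x6982, 0x6983

def toy_matcher(ref, probe, tol=8.0):
    # Toy stand-in (ASSUMPTION) for the card's dynamic signature matcher: mean point distance
    if len(ref) != len(probe):
        return False
    dist = sum(((a - c) ** 2 + (b - d) ** 2) ** 0.5 for (a, b), (c, d) in zip(ref, probe))
    return dist / len(ref) <= tol

class OpenPGPCardModel:
    def __init__(self, pw1=b"123456", bio_ref=None, matcher=toy_matcher, retries=3):
        self.pw1, self.bio_ref, self.matcher = pw1, bio_ref, matcher
        self.retries = retries                  # PW1 retry counter
        self.sign_ok = self.dec_ok = False      # PW1 status for CDS / for DECIPHER

    def _matches(self, p2, data):
        if p2 == PW1_BIO:                       # handwritten signature as reference data
            return self.bio_ref is not None and self.matcher(self.bio_ref, data)
        return p2 in (PW1_SIGN, PW1_DEC) and data == self.pw1

    def verify(self, p2, data):  # VERIFY; a failure returns 63Cx, x = retries left
        if self.retries == 0:
            return SW_BLOCKED
        if not self._matches(p2, data):
            self.retries -= 1
            return 0x63C0 | self.retries
        self.retries = 3
        self.sign_ok |= p2 in (PW1_SIGN, PW1_BIO)  # ASSUMED: biometric VERIFY
        self.dec_ok |= p2 in (PW1_DEC, PW1_BIO)    # grants both PW1 rights
        return SW_OK

    def pso(self, p1p2):  # PSO is refused with 6982 unless the matching PW1 status is set
        if p1p2 == CDS and self.sign_ok:
            self.sign_ok = False  # default PW1 status: valid for one CDS only
            return SW_OK
        if p1p2 == DECIPHER and self.dec_ok:
            return SW_OK
        return SW_SEC

def demo():
    ref = [(10, 10), (20, 15), (30, 12), (40, 18)]  # constructed (x, y) reference series
    card = OpenPGPCardModel(bio_ref=ref)
    return [card.pso(CDS),                                            # 6982: not verified
            card.verify(PW1_BIO, [(11, 9), (21, 16), (29, 13), (41, 17)]),  # constructed capture
            card.pso(CDS), card.pso(CDS), card.pso(DECIPHER)]         # 9000, 6982, 9000
```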