Phil K. writes:
My thinking is to limit the external "dongle" to the one function that is truly sensitive and worthy of special protection: RSA secret key operations.
Phil's comment are right on. There is a need for you secret keys to be easily and physically relocatable. Re: key compromise
I see this as THE major obstacle to our goal of routinely encrypting all communications, sensitive or otherwise, as a way of "desensitizing" the world to the use of cryptography.
It is my own opinion that there will be a market for personal protection devices only when data is worth money. Data will be worth money when some data _is_ money.
only one primary function -- the execution of an RSA secret key operation. [...] it might have a "zeroize" function to destroy it.
I refer to this as WEEM: Write, Erase, Encrypt Memory
Everything else (data compression and armoring, public key operations, symmetric cryptography, etc) can and should go in the PC where cycles and memory space are much more plentiful.
Depending on the silicon size and production volume, you could probably use this device for all modular exponentiation operations. Or a cheap version could use a DSP module from a cell library and do all the arithmetic more slowly.
If the dongle has a built-in keypad, then it could store your RSA secret key encrypted with a PIN that you'd have to enter to enable the device.
Not only a keypad, but a full 4-function calculator with an LCD display as well! :-)
I believe that "smart cards" are already available on the market that do these or similar functions, although they are much more widespread in Europe than in the US.
Smart cards have the disadvantage that their die size is pretty severely limited. They have to fit within the thickness of a credit card and withstand repeated flexure. Much better for this application is the PCMCIA standard, which has plenty of room for circuitry. Eric