[Announce] [security fix] Libgcrypt and GnuPG

Werner Koch wk at gnupg.org
Mon Aug 11 10:21:55 CEST 2014


Hi,

[94 lines of full quote deleted - pretty please strip quote to what is
 needed.  I nearly missed your question]

On Sat,  9 Aug 2014 22:52, branko at majic.rs said:

> Skimming through the description, does it mean that users with OpenPGP
> cards should be impervious to this attack? Can the attack be used to
> leak symmetric keys during the GnuPG operation?

It is unlikely that this particular attack can be used against smart
cards.  They are quite different from a general purpose PC.  Modern
cards are designed to mitigate many classes of side-channel attacks
since cards started to be targeted more than 25 years ago.

The private keys are only on the card and not accessible from the PC.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gcrypt-devel mailing list