[Announce] [security fix] Libgcrypt and GnuPG

Werner Koch wk at gnupg.org
Mon Aug 11 10:21:55 CEST 2014


[94 lines of full quote deleted - pretty please strip quote to what is
 needed.  I nearly missed your question]

On Sat,  9 Aug 2014 22:52, branko at majic.rs said:

> Skimming through the description, does it mean that users with OpenPGP
> cards should be impervious to this attack? Can the attack be used to
> leak symmetric keys during the GnuPG operation?

It is unlikely that this particular attack can be used against smart
cards.  They are quite different from a general purpose PC.  Modern
cards are designed to mitigate many classes of side-channel attacks
since cards started to be targeted more than 25 years ago.

The private keys are only on the card and not accessible from the PC.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gcrypt-devel mailing list