Secret key storage question

Arno Wagner wagner at
Thu Jun 20 16:18:02 CEST 2002

> On Wed, Jun 19, 2002 at 12:54:35PM -0500, Bob Luckin wrote:
> > On Wed, Jun 19, 2002 at 01:38:50PM -0400, David Shaw wrote:
> > If it is on the card, and they can read the card, surely they would ?
> > 
> > Even if not, they'd get every subsequent message sent via the computer until
> > the attack was discovered.
> > 
> > Or am I missing something here ?
> Crypto smartcards don't just store the secret key - they in effect
> *are* the secret key.  

Let's say, they are the computer the crypto-app is running on. The
PC is just sort of a remote terminal and does the symmetric crypto.
No problem, as the PC sees plaintext and ciphertext anyway.

> They do all the crypto math on the card itself,
> so the host computer never sees the secret key.  The host uploads the
> session key, the card encrypts/decrypts it, and returns the result.


One problem remains: How does the card get authorized to 
encrypt/decrypt/sign something?

If the user enters a PIN into the PC, the PC could misuse the then-known 
PIN as long as it has access to the card. There are solutions for
that, usually involving some direct interaction between card
and user. There could e.g. be a display in the card and the user has 
to read some random number from it and type it into the PC 
to authorize one transaction. Some smart-cards also have a numeric
keyfield for PIN entry. 

The potential for misuse is then only once, and the user will 
notice, as his request cannot be honored (the one crypto-op was spent 
on the misuse).


Arno Wagner, Communication Systems Group, ETH Zuerich, wagner at
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
For every complex problem there is an answer that is clear, simple, 
and wrong. -- H L Mencken
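
The difference between a PIN typed into the PC and a per-transaction number read from the card's own display can be modelled in a few lines. This is an added example, not part of the original post: the `Card` class and `compromised_host` function are hypothetical names, and an HMAC stands in for the card's private-key operation.

```python
import hmac
import secrets

class Card:
    """Toy card: the key never leaves the object; the host only calls sign()."""
    def __init__(self, pin=None):
        self._key = secrets.token_bytes(32)
        self._pin = pin      # static-PIN mode when set
        self._code = None    # otherwise: one-time code shown on the card's display

    def show_code(self):
        """Card displays a fresh random number that only the user can read."""
        self._code = f"{secrets.randbelow(10**6):06d}"
        return self._code

    def sign(self, data, secret):
        if self._pin is not None:
            expected = self._pin                      # a PIN stays valid for every call
        else:
            expected, self._code = self._code, None   # any attempt spends the code
        if expected is None or not hmac.compare_digest(expected, secret):
            raise PermissionError("not authorized")
        return hmac.new(self._key, data, "sha256").digest()

def compromised_host(card, secret, user_doc, forged_docs):
    """A host that reuses what the user typed before serving the user's request.
    Returns (number of forged operations, whether the user's operation worked)."""
    forged = 0
    for doc in forged_docs:
        try:
            card.sign(doc, secret)
            forged += 1
        except PermissionError:
            break
    try:
        card.sign(user_doc, secret)
        user_ok = True
    except PermissionError:
        user_ok = False
    return forged, user_ok

if __name__ == "__main__":
    docs = [b"forged-1", b"forged-2", b"forged-3"]   # constructed sample inputs
    print("static PIN:   ", compromised_host(Card(pin="1234"), "1234", b"mail", docs))
    card = Card()
    print("one-time code:", compromised_host(card, card.show_code(), b"mail", docs))
```

With the static PIN every forged operation succeeds and the user's own request still goes through, so nothing looks wrong; with the one-time code exactly one forged operation succeeds and the user's request fails, which is the visible signal described above.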
