gpgsm/smartcard/AES

Werner Koch wk at gnupg.org
Mon Nov 25 18:58:13 CET 2013


On Mon, 25 Nov 2013 14:55, gpgsm at plaga.de said:

> As the AES-key has a length of 32 bytes, a possible work-around would
> be the insertion of an additional if-check for seskeylen == 32 -- But
> I am not sure if there are possible collisions with non-unpacked (see
> [1]) keys.

I don't like such a hack.  There is even a fixme comment for the 3-DES
hack.  A proper way to implement that is to add specific support for
this into gpg-agent and scdaemon.  gpgsm would then be able to decide
whether this is an unpacked key or not.

Granted, trial decryption is possible and thus - aside from side channel
attacks - there is no security problem with that.  However, a clean
solution makes much more sense.

What card application are you using?


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



