AW: Smartcard Support, open system security, law,( certificate sig removed)

Werner Koch
Sun Aug 24 16:38:02 2003

On Fri, 22 Aug 2003 10:07:02 +0200 (MET DST), Johan Wevers said:

>> revevealed to anyone; your own smartcard contains your own key - why
>> would you want to crack the card then?

> Not you, but an attacker who finds or steals the card would.

Thats for what revocations are used for.

>> Please give me some hints on how you can remotely compromise a private
>> key stored on a properly implemented smartcard.

> Someone could crack it, copy it to another card and then use it.

Without access to the physical card this is not possible.  I was
talking about a remote compromise; i.e. by accessing your box and
reader over the net.



Werner Koch                                      <>
The GnuPG Experts                      
Free Software Foundation Europe