How secure are smartcards?
cryptostick at privacyfoundation.de
Fri Jul 29 02:05:21 CEST 2011
> At the moment, my secret key is stored on my hard drive and is encrypted
> by a long passphrase. When I transfer my subkeys to the smartcard, will
> they actually be encrypted whilst they're on there?
The very purpose of smartcards is to keep secret keys confidential and
secure. This is achieved by physical protection, different layers,
puzzling structure etc. This makes it very, very difficult to extract
the keys. For a state-of-the-art smart card like the OpenPGP Card 2, I
guess the price tag would be around 100.000 Euros.
The beauty is that this protection can be provided without the burden
for the user to remember a long passphrase, since this is not required
to encrypt the keys.
More information about the Gnupg-users