How secure are smartcards?
brewhaha at freenet.edmonton.ab.ca
Fri Jul 29 07:03:17 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 2011-07-28 6:05 PM, Crypto Stick wrote:
>> At the moment, my secret key is stored on my hard drive and is
>> encrypted by a long passphrase. When I transfer my subkeys to the
>> smartcard, will they actually be encrypted whilst they're on
> The very purpose of smartcards is to keep secret keys confidential
> and secure. This is achieved by physical protection, different
> layers, puzzling structure etc. This makes it very, very difficult to
> extract the keys. For a state-of-the-art smart card like the OpenPGP
> Card 2, I guess the price tag would be around 100.000 Euros.
> The beauty is that this protection can be provided without the
> burden for the user to remember a long passphrase, since this is not
> required to encrypt the keys.
You could use random symmetric encryption keys and encrypt them with a
short passphrase: Decryption would be two steps. Or, you could disable
the command for exporting a private key; import only. Iz GPG in ROM on
this card, then?
Xerox and Wurlitzer will merj to market reproductive organs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Gnupg-users