How secure are smartcards?

Jay Litwyn brewhaha at freenet.edmonton.ab.ca
Fri Jul 29 07:03:17 CEST 2011



On 2011-07-28 6:05 PM, Crypto Stick wrote:
>> At the moment, my secret key is stored on my hard drive and is
>> encrypted by a long passphrase. When I transfer my subkeys to the
>> smartcard, will they actually be encrypted whilst they're on
>> there?
> 
> The very purpose of smartcards is to keep secret keys confidential
> and secure. This is achieved by physical protection, different
> layers, puzzling structure etc. This makes it very, very difficult to
> extract the keys. For a state-of-the-art smart card like the OpenPGP
> Card 2, I guess the price tag would be around 100.000 Euros.
> 
> The beauty is that this protection can be provided without the
> burden for the user to remember a long passphrase, since this is not
> required to encrypt the keys.

You could use random symmetric encryption keys and encrypt them with a
short passphrase: decryption would be two steps. Or, you could disable
the command for exporting a private key; import only. Is GPG in ROM on
this card, then?
_______
Xerox and Wurlitzer will merj to market reproductive organs.


