How secure are smartcards?

Mike Cardwell gnupg at
Fri Jul 29 10:30:20 CEST 2011

On 29/07/2011 02:45, Jerome Baum wrote:

>> The very purpose of smartcards is to keep secret keys confidential and
>> secure. This is achieved by physical protection, different layers,
>> puzzling structure etc. This makes it very, very difficult to extract
>> the keys. For a state-of-the-art smart card like the OpenPGP Card 2, I
>> guess the price tag would be around 100.000 Euros.
> Any data on that?
> (and before you say it, I know you said "guess" and my question was
> more rhetorical)

This is where my confidence fades a little. If the key is on my laptop,
as long as my laptop hasn't been compromised, the key is secured by
math. If it's on a smartcard, I have to trust that when people tell me
it's prohibitively expensive, that they are right and up to date, and
then I also have to trust that my adversary doesn't have the
money/inclination to do it. I'd *expect* lots of organisations to have
worked on processes to quickly and "cheaply" pull PGP keys off various
brands of smart card, just in case they need to. And I'd expect many of
them to not publish their results.

>> The beauty is that this protection can be provided without the burden
>> for the user to remember a long passphrase, since this is not required
>> to encrypt the keys.
> Agree that it's nice, but I don't think that was the intention behind
> smart cards. The problem with not encrypting the keys is that a
> read-out is possible -- if the keys are encrypted, the read-out
> becomes a tad more difficult, depending on the length of the PIN.

There is another attack vector here. If someone observes me entering my
pin, they can obtain my smart card at a later date and use it to decrypt
my files. I am thinking of hard coding *part* of my pin into gpg on my
primary system, so I can only be observed typing in part of the pin.
Every little helps.

Mike Cardwell
Professional   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110729/5fa5cfdc/attachment.pgp>

More information about the Gnupg-users mailing list