How secure are smartcards?

gnupg at gnupg at
Fri Jul 29 10:38:29 CEST 2011

On 29/07/2011 06:03, Jay Litwyn wrote:

>> The beauty is that this protection can be provided without the
>> burden for the user to remember a long passphrase, since this is not
>> required to encrypt the keys.
> You could use random symmetric encryption keys and encrypt them with a
> short passphrase: Decryption would be two steps. Or, you could disable
> the command for exporting a private key; import only. Iz GPG in ROM on
> this card, then?

The point of these smartcards is that once you write a key to them, it
can't be read off. When you want to decrypt or sign some data, GPG sends
the data to the smartcard, which does the cryptographic operations it's
self, on the card, and then sends the result back. So even if your
machine becomes infected by a trojan and has a keylogger installed, the
attacker *still* can't get your key.

The problem is, even though you can't read the key off using the
smartcard interface, if you have the correct machinery, you can
potentially physically read the key directly off the chipset.

My suggestion is that it would be better if the key is encrypted whilst
it sits on the card, using the pin that is needed to talk to it. Then
even a physical attack would be impossible (assuming a long/secure pin).

Mike Cardwell
Professional   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110729/91535923/attachment-0001.pgp>

More information about the Gnupg-users mailing list