OpenPGP Card source

Werner Koch wk at
Fri Mar 4 09:52:22 CET 2011

On Thu,  3 Mar 2011 20:44, david at said:

> I suppose this begs the question -- since the card has access to raw
> keys, how confident can we be that no back doors exist in the card?

We can't.

However, we can't be confident about our general purpose CPUs either.  A
few hundred gates out of hundreds of millions should be enough to peep at
the code and leak key data.  The damage done to the vendors in case such
a backdoor is found might be different to a backdoor found in a security

In my threat model the most likely attacks are exploitable vulnerabilities
in standard software.  Creating such exploits is much cheaper and more
stealthy than a backdoor in a mass market chip.  A smartcard is a
reasonable protection against such exploits - at least your key will not
be compromised in case the host box has been compromised.



Thoughts are free.  Exceptions are regulated by a federal law.
