private key protection

Robert J. Hansen rjh at
Tue Oct 18 15:14:50 CEST 2011

On 10/18/2011 8:53 AM, takethebus at wrote:
> I read a smartcard is simply a chip card. Why is it safe, what's a
> PIN?

PIN: Personal Identification Number.

The idea is the secret key material is stored on the card, not on the
PC.  The secret key material is located in write-only memory: from the
PC side, there is no way to read off the secret key material.  When you
want to sign a document the PC computes a hash of the data, then sends
the hash to the card.  The card tells the PC, "ask the user for their
PIN number to unlock my secret key."  The PC gets the user's PIN and
sends it to the card.  If the PIN entered is correct, the card signs the
hash and returns back a signature.

Let's say your PC gets Trojaned.  An attacker can replace the GnuPG
binary with a Trojaned version that will capture the PIN, sure, but
there is literally no way for the Trojaned GnuPG binary to capture the
secret key material off the card.

I'm not saying it's safe.  Safety is, at best, a relative term.
However, this is generally accepted to be as safe an option as any, and
safer than most.

> How is access restricted to the key by the smartcard?

The card disallows any external read access to the secret key material.

> Since the PC is "isolated" from the net, I don't need to be afraid
> of software keyloggers, trojans etc.

Check your assumptions, friend.  ;)

> 3. The best way is to have one PC connected to the internet and 
> another, without an internet connection (missing network drivers and 
> a fully encrypted hard disk for instance), which you use to decrypt 
> and encrypt messages. You use a USB stick to carry messages from the
> internet PC to the one not connected to the net.

USB sticks make great malware vectors.  Just ask any Iranian nuclear
scientist.  :)
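
The signing flow described in the reply above, as an added Python sketch that is not part of the original post and is not GnuPG or card firmware code: the PC hashes the document, passes the hash and the PIN to the card, and gets back only a signature. The names `SimulatedCard`, `host_sign` and `host_verify` are hypothetical, the RSA key is a toy built from two small constructed primes, the 3-try PIN limit is an assumption of the sketch, and Python's attribute hiding only models the card's command set (on a real card the boundary is the hardware).

```python
import hashlib


class SimulatedCard:
    """Toy model of the card: it offers sign() and the public key, and no read-key command."""
    E = 65537

    def __init__(self, pin, max_tries=3):              # retry limit: assumption of this sketch
        p, q = 2**61 - 1, 2**89 - 1                    # constructed toy primes, far too small for real use
        self.n = p * q
        self.__d = pow(self.E, -1, (p - 1) * (q - 1))  # secret exponent, never returned
        self.__pin = pin
        self.__max = self.tries_left = max_tries

    def public_key(self):
        return self.n, self.E

    def sign(self, digest, pin):
        if self.tries_left == 0:
            raise PermissionError("card locked")
        if pin != self.__pin:
            self.tries_left -= 1
            raise PermissionError("wrong PIN")
        self.tries_left = self.__max                   # correct PIN resets the counter
        return pow(int.from_bytes(digest, "big") % self.n, self.__d, self.n)


def host_sign(card, document, ask_pin):
    """PC side: hash the document, get the PIN from the user, let the card sign.
    Returns the signature and a list of every value the PC handled."""
    digest = hashlib.sha256(document).digest()
    pin = ask_pin()
    signature = card.sign(digest, pin)
    return signature, [digest, pin, signature]


def host_verify(public_key, document, signature):
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    digest = hashlib.sha256(document).digest()
    return pow(signature, e, n) == int.from_bytes(digest, "big") % n


if __name__ == "__main__":
    card = SimulatedCard(pin="123456")                 # constructed sample PIN
    sig, seen = host_sign(card, b"hello", lambda: "123456")
    print("verifies:", host_verify(card.public_key(), b"hello", sig))
    print("values the PC handled:", seen)
```

The list returned by `host_sign` is what a compromised PC would have in hand: the hash, the PIN and the signature, with the secret exponent absent.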
