OpenPGP smartcard, how vulnerable is it?

Heinz Diehl htd at
Wed Aug 15 18:53:50 CEST 2012


If someone gets physical access to an OpenPGP smartcard, where is
the weakest spot in the whole scenario then? Can the contents of the card
be copied, e.g. to circumvent the limited possibilities for entering
the correct PIN / admin-PIN? Can the secret key be extracted to
brute-force the PIN / passphrase? Reverse engineering?! What else??

Me thinking: using this smartcard and a 10-digit PIN should be more
than sufficient, because the attacker has only three chances to get
the PIN right, and in the case of a 10-digit PIN he/she will be quite
unlikely to succeed. (The passphrase itself may be a 50-char random
concatenation of numbers, letters and special chars).

What am I missing?

