OpenPGP card feature request: as many encryption-capable keys as technically possible

Werner Koch wk at
Sat Aug 16 11:09:28 CEST 2014

On Fri, 15 Aug 2014 13:10, at said:

> So what is that assumption based on? If you are using a hardware device
> that is certified as Secure Signature Creation Device under the Common
> Criteria scheme, then the quality of the random number generation is an
> important criterion in the evaluation (see for example AIS31 under the

The evaluation demands that the generated random is reproducible so that
the generator can be tested.  The way the seed is set is not part of the
evaluation (at least not for FIPS).  BSI people who analyzed the
Libgcrypt RNG once demanded that the quite complicated pool based design
should be replaced by X9.31 - they didn't care about the seed ("it
should be unpredictable, but we can't evaluate this").

The design of the seed generators on the EAL 4 evaluated cards is almost
always a trade secret and we don't know how and when it breaks.  A PC is
horribly bad at collecting good entropy but at least we have a lot of
failsafe modes and thus you won't end up with a stuck RNG.  There is
also the option to add an open hardware entropy source in addition to
RDRAND/Padlock and the other ways of collecting data for the seed.



Thoughts are free.  Exceptions are regulated by a federal law.
