Subject: openpgp card and basiccard RNG

Kostantinos Koukopoulos koukopoulos+gnupg-users at
Fri Feb 7 07:42:52 CET 2014

On Wed, Feb 5, 2014 at 10:01 AM, Michael Anders <micha137 at> wrote:

> In my opinion a (good) PRNG seeded properly under user control is no
> problem.
> If -as the FAQ seems to tell- it is primed during production, beyond
> user control, this implies that normal users have to fully trust the
> manufacturer.
> A malicious manufacturer would be able to completely break privacy based
> on the "Enhanced BasicCard" without the user being able to detect this.
> An instance is created here, deliberately and unnecessarily, which the
> user has to trust. This pattern smells like a backdoor mechanism to
> me.
> I would outrighly reject to use such a card.
Makes sense, So does anyone know the version of BasicCard used for openpgp
cards? Or who to contact with this question? I asked at the distributor ( and they said they couldn't answer such technical
questions and suggested I try asking on this list.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140207/4f341311/attachment.html>

More information about the Gnupg-users mailing list