Subject: openpgp card and basiccard RNG

[Peter Lebbing]

On 13/02/14 12:13, Kostantinos Koukopoulos wrote:
> Of course in the end it still comes down to the question of how much we
> trust ZeitCorp, but I have no positive reason not to. Using these cards has
> risk of course but much smaller than the potential for increased security.

If you create keys on the card with the option of a local backup, or if you
create normal keys which you then "keytocard", the included RNG is not used for
key material. I don't think it's used elsewhere (apart from the obvious GET
CHALLENGE command which is used to get verbatim random numbers from the RNG).
Signature generation is deterministic, and the random bytes used for an
encrypted message are generated by the sender, not the card.

Werner Koch had this to say about an on-card RNG[1]:

> Compared to actual hardware RNGs they are very limited and probaly prone to
> errors. there is also no way to do extensive power up tests which all other 
> hardware RNGs require.
> 
> I consider a good OS supported RNG more reliable.

Considering that Werner was involved in the creation of the OpenPGP card, I
think the on-card RNG isn't blindly trusted.

That does beg the question: is it still used when using "addcardkey" and
declining to use a backup?

HTH,

Peter.

PS: I restricted your statement "trust ZeitCorp" to the RNG. Obviously, more
possibilities exist for a manufacturer to be nasty.

[1] http://lists.gnupg.org/pipermail/gnupg-users/2013-June/046901.html

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>