Subject: openpgp card and basiccard RNG

Peter Lebbing peter at
Thu Feb 13 21:29:09 CET 2014

On 13/02/14 21:13, Luis Ressel wrote:
> You've got to sign an NDA to learn about the implementation of this
> security device which is supposed to be open?

You need an NDA to get the SDK, and you can't disclose the source code for your
application. You don't need the implementation details of a smartcard to write
an application for it.

Those NDAs are rather common in the smartcard world, where companies with a lot
of money are worried you'll devise a way to watch pay-TV for free and such.[1]

Although I think there's a trend towards more openness, and I learned a while
ago that you can get crypto-capable JavaCards these days without requiring an NDA.



PS: I might be off on the exact details, this is all from an interested
observer's standpoint.

[1] Yes, security through obscurity. And they need the obscurity, because the
security often isn't all that good. Although they have to face the problem that
DRM is defective by design, and what they're doing borders on DRM, so partly
it's a fundamental problem.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>
