Talking about Cryptodevices... which one?
peter at digitalbrains.com
Sat Jan 24 20:19:33 CET 2015
On 24/01/15 17:57, Andreas Schwier wrote:
> Can you provide any evidence for that claim or is this just paranoia ?
One man's paranoia is another man's common sense, I suppose. Since those
smartcards are pretty much exclusively used for security purposes, i.e., private
key storage, they're a likely target for an intelligence agency to try to subvert.
> Most smart cards used today in security sensitive mass applications like
> banking cards, signature cards, national id cards or passports must be
> independently evaluated and certified under the Common Criteria scheme.
> I can not image a way to introduce a backdoor without being detected
> during evaluation or in the secure delivery procedure.
I've replied to this statement earlier, I won't repeat myself other than to say
> I can disconnect the card from the
> PC and I can rest assured that no copies of the key exist and the key
> can not be misused (Unless someone steals card and PIN).
Assuming it's not backdoored, yes. In the presence of backdoors this is
obviously not the case.
> That is an
> important security attribute that no software keys can provide for - at
> some point in time the software key must be somewhere in memory.
Yes, I agree.
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users