Crowdfunding USB Security Key for Email- and Data-Encryption - Nitrokey Storage

NdK ndk.clanbo at
Sun Nov 22 15:30:55 CET 2015

Il 22/11/2015 12:55, Peter Lebbing ha scritto:

> My guess is the OTP shared secret is stored in the non-volatile memory
> of the microcontroller (in plaintext). That memory is reasonably well
> protected against reading out (when properly configured). Sure, it's
> possible with a lab, but it's not cheap. If such adversaries are in your
> threat model, my guess (again) is that the OTP feature of this stick is
> not aimed at you.
The whole stick (and the current OpenPGP card spec) is not aimed at me,
since it lacks the "decryption key history" that I'd need :)

What I don't understand is why they did not use one of the private
objects in the card to store the master key: this way, if the card gets
swapped, the master key becomes inaccessible and the attacker can't use
the OTP secret since it's encrypted with an unavailable key. Sure, it's
not perfect (the master key gets loaded in RAM of the micro) but makes
any attack harder.


More information about the Gnupg-users mailing list