Crowdfunding USB Security Key for Email- and Data-Encryption - Nitrokey Storage

NdK ndk.clanbo at gmail.com
Mon Nov 23 09:42:27 CET 2015


Il 23/11/2015 08:56, Jan Suhr ha scritto:

>> I didn't look at the code (so this could be completely wrong and I'd be
>> happy!), but if the OTP key is decrypted using a key in the chip after
>> verifying that the card accepts the PIN, then it's even worse, since
>> that master key is in cleartext somewhere outside the smartcard. So,
>> with some efforts and a good lab the OTP keys can be extracted.
> The key is stored in the card.
Then, replacing the card replaces the OTP key. No?

BYtE,
 Diego



More information about the Gnupg-users mailing list