Crowdfunding USB Security Key for Email- and Data-Encryption - Nitrokey Storage

Jan Suhr jan at
Mon Nov 23 23:10:21 CET 2015

Hi Diego,

Am 23.11.2015 um 09:42 schrieb NdK:
> Il 23/11/2015 08:56, Jan Suhr ha scritto:
>>> I didn't look at the code (so this could be completely wrong and I'd be
>>> happy!), but if the OTP key is decrypted using a key in the chip after
>>> verifying that the card accepts the PIN, then it's even worse, since
>>> that master key is in cleartext somewhere outside the smartcard. So,
>>> with some efforts and a good lab the OTP keys can be extracted.
>> The key is stored in the card.
> Then, replacing the card replaces the OTP key. No?

If the optional PIN protection for OTPs is enabled, replacing the smart
card would render the OTPs inaccessible.


> BYtE,
>  Diego
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

Jan Suhr

Nitrokey UG (haftungsbeschränkt)

Email: jan at
Phone: +49 163 7010 408

Berliner Str. 166, 10715 Berlin, Germany
CEO / Geschäftsführer: Jan Suhr
Register Record: AG Charlottenburg, HRB 164549 B
VAT ID / USt-IdNr.: DE300136599

More information about the Gnupg-users mailing list