Smartcards and tokens

Andrew Gallagher andrewg at andrewg.com
Fri Dec 16 01:18:09 CET 2016


> On 15 Dec 2016, at 19:24, Lou Wynn <lewisurn at gmail.com> wrote:
> 
> If the host machine is compromised, what's the purpose of doing encryption on the SmartCard? Attackers don't need to know the key to get your plaint ext, because it is on the host machine.

The difference is that if you use a smart card in a compromised host, the plaintext of particular messages may be compromised but the key itself remains secure. It also helps in the case of hardware loss or theft, because an encrypted drive can be brute forced, but smartcards have retry limits that can't be worked around short of dissecting the silicon. 

That's assuming it has been sufficiently hardened against side channel attacks, of course. And if you leave the smart card in the machine with an insufficient pass phrase timeout, the attacker could feed an arbitrary number of messages through it without you knowing. So it's no panacea.

Andrew



More information about the Gnupg-users mailing list