Smartcards and tokens
andrewg at andrewg.com
Fri Dec 16 13:36:19 CET 2016
On 16/12/16 02:30, sivmu wrote:
> If the token does the encryption (and signing) operations,
Smartcards perform signing and DEcryption (which in the case of RSA are
> it needs randomness.
That's true of DSA and ElGamal, but smartcards normally implement RSA.
Remember also that PGP uses a two-step encryption process. The random
symmetric session key is generated on the host rather than the
smartcard, and the secure hash used in signing is deterministic.
The smartcard itself only RSA-decrypts the session key (or hash), and
this doesn't require an RNG.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users