Smartcards and tokens
Robert J. Hansen
rjh at sixdemonbag.org
Sun Dec 18 01:56:43 CET 2016
>> The smartcard itself only RSA-decrypts the session key (or hash),
>> and this doesn't require an RNG.
> ... that this means RSA encrzption is reproducable, meaning
> encrypted files of the same plaintext result in the same ciphertext,
> as this woul make the process reproduceable and any malfunction can
> be easily noticed.
Nope. OpenPGP requires each RSA encryption add at least eight random
bytes to the data pre-encryption in order to make even identical
messages encrypt to different ciphertexts. Search RFC4880 for a
reference to RFC3447 7.2.1, then look up RFC3447 7.2.1 and see how
EME-PKCS1-v1_5 encoding is defined.
More information about the Gnupg-users