Smartcards and tokens

Peter Lebbing peter at
Sun Dec 18 10:49:39 CET 2016

On 18/12/16 01:56, Robert J. Hansen wrote:
> Nope.  OpenPGP requires each RSA encryption add at least eight random
> bytes to the data pre-encryption in order to make even identical
> messages encrypt to different ciphertexts.

However, this randomness is added by the host, not by the smartcard. The
OpenPGP smartcard really only does a deterministic action, and its
correctness can be verified simply by doing the RSA public key operation
on the output and checking that the result is identical to what was fed
to the smartcard.

I can't think of a side channel to leak the private key to an attacker
through an uncompromised host, but I wouldn't be surprised if there is
such a side channel. Does anybody have a cool way to leak this? Single
bits at a time will do! :-)

(We've already established that if the private key is generated on-card,
it is trivial to reconstruct it for an attacker that can insert a
backdoor into the smartcard)



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list