Smartcards and tokens

sivmu sivmu at
Tue Dec 20 09:56:30 CET 2016

Am 18.12.2016 um 10:49 schrieb Peter Lebbing:
> On 18/12/16 01:56, Robert J. Hansen wrote:
>> Nope.  OpenPGP requires each RSA encryption add at least eight random
>> bytes to the data pre-encryption in order to make even identical
>> messages encrypt to different ciphertexts.
> However, this randomness is added by the host, not by the smartcard. The
> OpenPGP smartcard really only does a deterministic action, and its
> correctness can be verified simply by doing the RSA public key operation
> on the output and checking that the result is identical to what was fed
> to the smartcard.

Thats good to know. Thanks

> I can't think of a side channel to leak the private key to an attacker
> through an uncompromised host, but I wouldn't be surprised if there is
> such a side channel. Does anybody have a cool way to leak this? Single
> bits at a time will do! :-)

Implement a GSM chip into the token? :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161220/47c77c64/attachment-0001.sig>

More information about the Gnupg-users mailing list