gnupg-pkcs11 status & future

Werner Koch wk at gnupg.org
Sun Feb 28 09:41:02 CET 2016


On Sat, 27 Feb 2016 09:29, martin.konold at erfrakon.com said:

> Please allow me to mention that many smartcards disallow cleartext export of 
> keys generated on the card while also don't allow to import cleartext private 
> keys.

Actually it is a core feature of all smartcards that you can't extract
the private key.

Importing of keys is also a very common features, although this is often
done by the issuer during the personalization stage.

> But this is not a backup issue as most cards also allow for n-of-m threshold 

Nope, unless you have a different definition of MOST.  There is also the
problem of API based attacks for such complex card APIs.  For example
the 4758, which had very advanced private key management features, could
be cracked by such an attack.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list