ndk.clanbo at gmail.com
Wed Oct 19 21:47:21 CEST 2016
Il 19/10/2016 13:06, Werner Koch ha scritto:
> There is no integrated card. gnuk uses an SM32 MCU which implements the
> OpenPGP card and CCID interface specs. This has the huge advantage that
> all software (firmware) is free software. The drawback is that it is
> not tamper resistant - your safe with important woodware documents or
> your gpg key backup isn't tamper resistant either. I prefer the free
> software solution given that the attack surface is smaller.
Well, actually the situation is a bit better: the keys at rest are
stored encrypted, even if kdf function uses less rounds not to slow down
unlocking too much... So even if an adversary manages to get the token
and retrieve the memory contents, he still have to find the passphrase
to decode the keys. Quite like the situation where he somehow accesses
your privring from a powered down computer.
More information about the Gnupg-users