Which version of GnuPG to use?
sac at 300baud.de
Tue Sep 17 18:59:34 CEST 2019
Werner Koch wrote:
> On Mon, 16 Sep 2019 23:49, gnupg-users at gnupg.org said:
> > speak, with a specially crafted software, when using an online computer
> > with a SmardCard? I have read that the secret key can not been copied from
> > the card, but what about the 'bits and pieces' in memory when decrypting?
> Side-channel attacks on smartcards are an pretty old thing dating back
> to the late 80ies. Current smartcards are hardened against most such
> attacks. Unless you have physical access to the card the secrets and
> their use on the card/token are well protected against any sniffing by
> the host.
Unfortunately I am no programmer but I was thinking about the following:
I assume that in order to decrypt a message the secret key data must be
unlocked and loaded for a very short time into the computers RAM, in order
to perform the decryption, or am I wrong with my assumption?
And if I am not wrong, would that be very difficult to get the parameters
from the secret key or does GnuPG somehow (tries to) prevent this?
Sorry for this question but I like to learn more about how this works
and if I should invest in a smardcard in the future, for online usage.
certified OpenPGP key blocks available on keybase.io/stefan_claas
More information about the Gnupg-users