Which version of GnuPG to use?

Stefan Claas sac at 300baud.de
Tue Sep 17 18:59:34 CEST 2019

Werner Koch wrote:

> On Mon, 16 Sep 2019 23:49, gnupg-users at gnupg.org said:
> > speak, with a specially crafted software, when using an online computer
> > with a SmardCard? I have read that the secret key can not been copied from
> > the card, but what about the 'bits and pieces' in memory when decrypting?
> Side-channel attacks on smartcards are an pretty old thing dating back
> to the late 80ies.  Current smartcards are hardened against most such
> attacks.  Unless you have physical access to the card the secrets and
> their use on the card/token are well protected against any sniffing by
> the host.

Unfortunately I am no programmer but I was thinking about the following:

I assume that in order to decrypt a message the secret key data must be
unlocked and loaded for a very short time into the computers RAM, in order
to perform the decryption, or am I wrong with my assumption?

And if I am not wrong, would that be very difficult to get the parameters
from the secret key or does GnuPG somehow (tries to) prevent this?

Sorry for this question but I like to learn more about how this works
and if I should invest in a smardcard in the future, for online usage.


box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
  certified OpenPGP key blocks available on keybase.io/stefan_claas

More information about the Gnupg-users mailing list