Smartcard operation

Peter Lebbing peter at
Tue Sep 17 19:16:06 CEST 2019

On 17/09/2019 18:59, Stefan Claas via Gnupg-users wrote:
> I assume that in order to decrypt a message the secret key data must be
> unlocked and loaded for a very short time into the computers RAM, in order
> to perform the decryption, or am I wrong with my assumption?

OpenPGP messages encrypted to a public key are hybrid encryption: the
asymmetric (public/private) crypto is used to establish a per-message
shared secret. This shared secret is used by a symmetric encryption
algorithm to encrypt the actual data.

The smartcard does the asymmetric part of it all by itself, the computer
just asks it to decrypt something and gets the per-message shared secret
back from the card.

Then the PC will do the symmetric decryption of the actual data.

During regular use, knowledge about the private key contents never
leaves the smartcard, not for the briefest period.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list