How secure are smartcards?

Mike Cardwell gnupg at lists.grepular.com
Sun Jul 24 22:14:31 CEST 2011


Hi,

I just ordered an OpenPGP smartcard from Kernel Concepts as per
http://www.g10code.com/p-card.html

Does anyone else have one of these?

At the moment, my secret key is stored on my hard drive and is encrypted
by a long passphrase. When I transfer my subkeys to the smartcard, will
they actually be encrypted whilst they're on there?

I understand that you have to enter a PIN between 6 and 32 characters in
length in order to perform crypto operations on the card via the
smartcard interface, but I'm just wondering if somebody with sufficient
skills could read the data off the smartcard chipset by looking directly
at the circuitry?

Are the keys on the smartcard perhaps encrypted with the access PIN?
That still wouldn't be perfect, definitely easier to bruteforce than a
long passphrase, but it would be better than nothing...

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110724/fe0eec88/attachment.pgp>


More information about the Gnupg-users mailing list