gpg-rsa-key decryption with a mobile

Peter Lebbing peter at digitalbrains.com
Fri Dec 20 11:53:28 CET 2013


On 20/12/13 10:28, Mike Cardwell wrote:
> I have a V2 OpenPGP SmartCard. I'm wondering if this would be vulnerable to
> the attack in question? Also, what about the Crypto Stick? Presumably these
> generate the same sort of noise during signing/decryption that the CPU
> would, but there's nothing GnuPG can do in software to mask it?

I'd be surprised if the smartcards don't employ RSA blinding because it is a
standard technique. A smartcard is supposed to protect the key even if it
falls into the wrong hands (up to a certain point). Analysis of the power
usage of the card during decryption or signing can quickly leak a private key
without blinding.

Another common thing is that you can get info on the private key by glitching:
momentarily sharply reduce the power supply voltage to make bits fall over in
the processor. If the processor returns the result of the faulty computation
to you, this can give insight on the private key. A simple technique to
counter this is to do the public counterpart of the private computation at the
end, and check if the result matches the original input. Only return data when
they match, otherwise just indicate "an error occurred".

By the way, usually the actual crypto computations are implemented as
primitives in the smartcard, and the OpenPGP application just asks "decrypt
this for me". So all the masking techniques are part of the hardware and the
OS, not the OpenPGP application (although checking the result for glitches can
be done by the application).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
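
The two countermeasures described in the message above (RSA blinding, and running the public operation on the result before returning it), as an added example that is not part of the original post or of any smartcard firmware. The toy key, the function names and the simulated glitch are constructed for illustration.

```python
import secrets
from math import gcd

# Constructed toy key (assumption: two small Mersenne primes, illustration only).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


class FaultDetected(Exception):
    """Raised instead of releasing a result that fails the public-key check."""


def crt_private_op(c, glitch=False):
    """Raw RSA-CRT computation of c^D mod N; glitch simulates a flipped bit."""
    sp = pow(c, DP, P)
    sq = pow(c, DQ, Q)
    if glitch:
        sp ^= 1  # constructed fault: one bit falls over in the mod-P half
    h = (QINV * (sp - sq)) % P  # Garner recombination
    return (sq + h * Q) % N


def private_op(c, glitch=False):
    """Blinded private operation that only returns a verified result."""
    # Blinding: pick a fresh random r coprime to N for every call.
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    # The exponentiation runs on c * r^E, a value an observer cannot relate to c.
    blinded = (c * pow(r, E, N)) % N
    m = (crt_private_op(blinded, glitch) * pow(r, -1, N)) % N  # unblind
    # Public counterpart of the private computation: m^E must equal the input.
    if pow(m, E, N) != c % N:
        raise FaultDetected("an error occurred")  # release nothing else
    return m
```

The check costs one public-exponent exponentiation, which is cheap next to the private operation it protects.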


