On 29/07/2011 06:03, Jay Litwyn wrote: >> The beauty is that this protection can be provided without the >> burden for the user to remember a long passphrase, since this is not >> required to encrypt the keys. > > You could use random symmetric encryption keys and encrypt them with a > short passphrase: Decryption would be two steps. Or, you could disable > the command for exporting a private key; import only. Iz GPG in ROM on > this card, then?
The point of these smartcards is that once you write a key to them, it can't be read off. When you want to decrypt or sign some data, GPG sends the data to the smartcard, which does the cryptographic operations it's self, on the card, and then sends the result back. So even if your machine becomes infected by a trojan and has a keylogger installed, the attacker *still* can't get your key. The problem is, even though you can't read the key off using the smartcard interface, if you have the correct machinery, you can potentially physically read the key directly off the chipset. My suggestion is that it would be better if the key is encrypted whilst it sits on the card, using the pin that is needed to talk to it. Then even a physical attack would be impossible (assuming a long/secure pin). -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
