Il 13/02/2014 23:20, Werner Koch ha scritto: [JavaCards] > I am not interested in those small applications on the smartcard as long > as I can't scrutinize the real code, i.e. the OS. Whether those > applications are written for a p-code system (JavaCard, BasicCard) or > for the native CPU doesn't change anything in the equation. Then where would you stop analyzing? If you look at the OS code, there could be a backdoor in the CPU microcode. Or in the chip firmware uploader (is there an HV programming mode available? was it disabled or physically removed from the die?).
And these are just the most obvious. The best we can do is trust the manufacturer and read the fine print on the datasheets. It will be more secure than a sw only implementation that runs on a connected PC. ByTE, Diego _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users