On Mon, 11 Aug 2014 10:21:55 +0200 Werner Koch <[email protected]> wrote:
> On Sat, 9 Aug 2014 22:52, [email protected] said: > > > Skimming through the description, does it mean that users with OpenPGP > > cards should be impervious to this attack? Can the attack be used to > > leak symmetric keys during the GnuPG operation? > > It is unlikely that this particular attack can be used against smart > cards. They are quite different from a general purpose PC. Modern > cards are designed to mitigate many classes of side-channel attacks > since cards started to be targeted more than 25 years ago. > > The private keys are only on the card and not accessible from the PC. > I should've been more specific with my question (or perhaps I misunderstood the answer a bit :) If I understand correctly (please do correct me if not), when encrypting/decrypting a file with GnuPG using an OpenPGP card, a symmetric key is created that will encrypt the file, and subsequently this symmetric key will be encrypted using the OpenPGP card, with the encrypted symmetric key becoming part of the encrypted file. This symmetric key is generated outside of the OpenPGP card (if I got it right), and encryption/decryption of a file itself is performed outside of the OpenPGP card (i.e. on host computer). Can the attack be used to obtain this symmetric key for encrypting the file during encryption/decryption operations performed by GnuPG? Best regards P.S. Sorry for the original lost quote, I'll try to keep 'em shorter :) -- Branko Majic Jabber: [email protected] Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: [email protected] Молим вас да додатке шаљете искључиво у слободним форматима.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
