Hi, I just ordered an OpenPGP smartcard from Kernel Concepts as per http://www.g10code.com/p-card.html
Does anyone else have one of these? At the moment, my secret key is stored on my hard drive and is encrypted by a long passphrase. When I transfer my subkeys to the smartcard, will they actually be encrypted whilst they're on there? I understand that you have to enter a PIN between 6 and 32 characters in length in order to perform crypto operations on the card via the smartcard interface, but I'm just wondering if somebody with sufficient skills could read the data off the smartcard chipset by looking directly at the circuitry? Are the keys on the smartcard perhaps encrypted with the access PIN? That still wouldn't be perfect, definitely easier to bruteforce than a long passphrase, but it would be better than nothing... -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
