On 24/01/15 17:57, Andreas Schwier wrote:
> Can you provide any evidence for that claim or is this just paranoia?

One man's paranoia is another man's common sense, I suppose. Since those smartcards are pretty much exclusively used for security purposes, i.e., private key storage, they're a likely target for an intelligence agency to try to subvert.

> Most smart cards used today in security sensitive mass applications like
> banking cards, signature cards, national id cards or passports must be
> independently evaluated and certified under the Common Criteria scheme.
> I can not imagine a way to introduce a backdoor without being detected
> during evaluation or in the secure delivery procedure.

I've replied to this statement earlier, I won't repeat myself other than to say I disagree.

> I can disconnect the card from the
> PC and I can rest assured that no copies of the key exist and the key
> can not be misused (Unless someone steals card and PIN).

Assuming it's not backdoored, yes. In the presence of backdoors this is obviously not the case.

> That is an
> important security attribute that no software keys can provide for - at
> some point in time the software key must be somewhere in memory.

Yes, I agree.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>