Il 23/11/2015 08:56, Jan Suhr ha scritto: >> I didn't look at the code (so this could be completely wrong and I'd be >> happy!), but if the OTP key is decrypted using a key in the chip after >> verifying that the card accepts the PIN, then it's even worse, since >> that master key is in cleartext somewhere outside the smartcard. So, >> with some efforts and a good lab the OTP keys can be extracted. > The key is stored in the card. Then, replacing the card replaces the OTP key. No?
BYtE, Diego _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
