>> The smartcard itself only RSA-decrypts the session key (or hash), >> and this doesn't require an RNG. > > ... that this means RSA encrzption is reproducable, meaning > encrypted files of the same plaintext result in the same ciphertext, > as this woul make the process reproduceable and any malfunction can > be easily noticed.
Nope. OpenPGP requires each RSA encryption add at least eight random bytes to the data pre-encryption in order to make even identical messages encrypt to different ciphertexts. Search RFC4880 for a reference to RFC3447 7.2.1, then look up RFC3447 7.2.1 and see how EME-PKCS1-v1_5 encoding is defined. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
