Re: Manually changing smartcard state

2015-01-27 Thread Jernej Kos
Hello!

On 27. 01. 2015 01:00, Johannes Zarl wrote:
> You can tell gpg-agent to lock the card using the following command[1]:
>
> gpg-connect-agent 'SCD RESET' /bye

Nice, this works, thank you!

Jernej

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Andreas Schwier
On 01/27/2015 05:24 PM, Felix E. Klee wrote:
> A smart card stores the key unencrypted, right?

Quite typically not. The platform we use for the SmartCard-HSM generates a random AES key during platform initialization and encrypts all key material in EEPROM under this key. The only time the key is ha

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Andreas Schwier
On 01/24/2015 08:27 PM, Hauke Laging wrote:
> The OpenPGP card does provide the opportunity to backup the on the card
> generated key material.

Yes, but that uses a plain import/export of private keys, which defeats the purpose of using a smart card to protect confidentiality of the keys. I'd rat

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Sat, Jan 24, 2015 at 4:05 AM, NIIBE Yutaka wrote:
> gnuk (running on the FST-01)

How does that store the private key? Password encrypted? A smart card stores the key unencrypted, right?

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Tue, Jan 27, 2015 at 5:19 PM, Andreas Schwier wrote:
> The platform we use for the SmartCard-HSM generates a random AES key
> during platform initialization and encrypts all key material in EEPROM
> under this key. The only time the key is handled in plain (plain
> meaning within the protected

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Andreas Schwier
> Good! What PIN length do you recommend? (for the case that there is a
> backdoor to get the *encrypted* key off the card)

The encryption on the card is unrelated to the PIN. It's rather an authentication object that blocks private key operations until the user has entered the correct PIN. With a

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Felix E. Klee
On Tue, Jan 27, 2015 at 6:14 PM, Andreas Schwier wrote:
> The encryption on the card is unrelated to the PIN.

So the private key is encrypted with an AES key that is also stored on the card? Then why encrypt the private key at all? Against what attack does encryption of the private key on the car

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Andreas Schwier
On 01/27/2015 07:35 PM, Felix E. Klee wrote:
> On Tue, Jan 27, 2015 at 6:14 PM, Andreas Schwier wrote:
>> The encryption on the card is unrelated to the PIN.
>
> So the private key is encrypted with an AES key that is also stored on
> the card? Then why encrypt the private key at all? Against w

Publickey Algorithm IDs for --command-fd

2015-01-27 Thread David Url
Hello,

I was trying to automate the generation of subkeys, using the --command-fd option like this:

gpg --homedir /tmp/gnupgtest --status-fd 2 --no-tty --command-fd 0 --with-colons --edit-key E458A481 addkey

But I could not find the public key algorithm ids for ‘GET_LINE keygen.algo’ anywhere

Re: Publickey Algorithm IDs for --command-fd

2015-01-27 Thread Werner Koch
On Tue, 27 Jan 2015 21:29, da...@x00.at said:
> But I could not find the public key algorithm ids for ‘GET_LINE
> keygen.algo’ anywhere in the documentation. It looks like the
> integers from the commandline interface without --command-fd, but is
> there any documentation on that?

No. And worse

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread Peter Lebbing
On 27/01/15 21:01, Andreas Schwier wrote:
> Against certain hardware attacks that try to extract information from
> EEPROM cells on the chip. The AES key is not stored in main EEPROM area
> of the chip.

To put it in slightly different terms: The AES key is only 16 or 32 bytes long (16 most likely

Re: Talking about Cryptodevices... which one?

2015-01-27 Thread NIIBE Yutaka
Thank you for your question.

On 01/28/2015 01:24 AM, Felix E. Klee wrote:
> On Sat, Jan 24, 2015 at 4:05 AM, NIIBE Yutaka wrote:
>> gnuk (running on the FST-01)
>
> How does that store the private key? Password encrypted?

Gnuk stores private keys encrypted by AES. The data encryption key (DEK)