Il 19/10/2016 13:06, Werner Koch ha scritto: > There is no integrated card. gnuk uses an SM32 MCU which implements the > OpenPGP card and CCID interface specs. This has the huge advantage that > all software (firmware) is free software. The drawback is that it is > not tamper resistant - your safe with important woodware documents or > your gpg key backup isn't tamper resistant either. I prefer the free > software solution given that the attack surface is smaller. Well, actually the situation is a bit better: the keys at rest are stored encrypted, even if kdf function uses less rounds not to slow down unlocking too much... So even if an adversary manages to get the token and retrieve the memory contents, he still have to find the passphrase to decode the keys. Quite like the situation where he somehow accesses your privring from a powered down computer.
BYtE, Diego _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users