Peter Lebbing wrote: > Perhaps this is more a discussion for gnupg-devel or even not a gnupg > mailing list at all?
I've set up a separate mailing list - open-openpgp-card. See http://www.py-soft.co.uk/mailman/listinfo/open-openpgp-card to join. > I have a question regarding the current OpenPGP Card for Werner: does it > blind RSA calculations? If not, is there a different firewall against > using power analysis to obtain the secret key? >From what I recall of the BasicCard specs, no to both. > I was more thinking along the line of the AT Mega > Funcard with an Atmel ATmega161 or -163 EXACTLY what I concluded - if you're interested, join the above list and then browse the archives at http://www.py-soft.co.uk/mailman/private/open-openpgp-card/ > SOSSE is a nice starting ground for development; however, as this is a > security product, I think one should rewrite large parts of it with > constantly keeping security in mind. SOSSE is developed as an > educational platform, not a crypto provider. I think, if you audited > SOSSE code for security, you have more chance of overseeing a weakness > than if you wrote completely new code. I agree that SOSSE provides a good starting point. We may yet decide to write this from the ground up, but SOSSE will at least point us [me] in the right direction! :) > I'm not touching legality with a 40-feet pole, by the way :). Nor me... :) Ben _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
