On 20/12/13 10:28, Mike Cardwell wrote:
> I have a V2 OpenPGP SmartCard. I'm wondering if this would be vulnerable to
> the attack in question? Also, what about the Crypto Stick? Presumably these
> generate the same sort of noise during signing/decryption that the CPU
> would, but there's nothing GnuPG can do in software to mask it?

I'd be surprised if the smartcards don't employ RSA blinding because it is a
standard technique. A smartcard is supposed to protect the key even if it falls
into the wrong hands (up to a certain point). Analysis of the power usage of the
card during decryption or signing can quickly leak a private key without
blinding.

Another common thing is that you can get info on the private key by glitching:
momentarily sharply reduce the power supply voltage to make bits fall over in
the processor. If the processor returns the result of the faulty computation to
you, this can give insight on the private key. A simple technique to counter
this is to do the public counterpart of the private computation at the end, and
check if the result matches the original input. Only return data when they
match, otherwise just indicate "an error occurred".

By the way, usually the actual crypto computations are implemented as primitives
in the smartcard, and the OpenPGP application just asks "decrypt this for me".
So all the masking techniques are part of the hardware and the OS, not the
OpenPGP application (although checking the result for glitches can be done by
the application).

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
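
The two countermeasures named in the message above, blinding and checking the result with the public operation before returning it, shown together as an added example that is not part of the original post or of any card's firmware. The toy key built from two Mersenne primes, the function names and the `glitch` flag that simulates a fault are all assumptions made for the illustration.

```python
import secrets
from math import gcd

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**31 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


class FaultDetected(Exception):
    """Raised instead of returning a result that fails the public-key check."""


def crt_private(c, glitch=False):
    """Raw RSA-CRT private operation. glitch=True flips one bit of the
    mod-P half to stand in for a voltage glitch (simulation only)."""
    sp, sq = pow(c, DP, P), pow(c, DQ, Q)
    if glitch:
        sp ^= 1
    h = (QINV * (sp - sq)) % P          # Garner recombination
    return (sq + h * Q) % N


def private_op(m, glitch=False):
    """Blinded private operation that releases the result only if the
    public operation maps it back to the input."""
    if not 0 <= m < N:
        raise ValueError("input out of range")
    while True:                          # pick a blinding factor invertible mod N
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N     # the exponentiation never sees m itself
    s = (crt_private(blinded, glitch) * pow(r, -1, N)) % N
    if pow(s, E, N) != m:                # public counterpart of the private op
        raise FaultDetected("an error occurred")
    return s


if __name__ == "__main__":
    msg = 0x1234567890ABCDEF             # constructed sample input
    print("clean:", hex(private_op(msg)))
    try:
        private_op(msg, glitch=True)
    except FaultDetected as exc:
        print("glitched:", exc)
```

Because the public exponent is a permutation modulo each prime, any fault that changes one CRT half always fails the final comparison, so the faulty value is never returned to the caller.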