On 18/12/16 01:56, Robert J. Hansen wrote:
> Nope. OpenPGP requires each RSA encryption add at least eight random
> bytes to the data pre-encryption in order to make even identical
> messages encrypt to different ciphertexts.

However, this randomness is added by the host, not by the smartcard. The OpenPGP smartcard really only does a deterministic action, and its correctness can be verified simply by doing the RSA public key operation on the output and checking that the result is identical to what was fed to the smartcard.

I can't think of a side channel to leak the private key to an attacker through an uncompromised host, but I wouldn't be surprised if there is such a side channel. Does anybody have a cool way to leak this? Single bits at a time will do! :-)

(We've already established that if the private key is generated on-card, it is trivial to reconstruct it for an attacker that can insert a backdoor into the smartcard)

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
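
The host-side check described in the message above, as an added example that is not part of the original post or of GnuPG: the host adds the random padding, a stand-in "card" performs the deterministic private-key operation, and the host re-applies the public operation to the card's output. The toy key, `honest_card`, `faulty_card` and the other function names are constructed for illustration.

```python
import secrets

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the "card"
K = (N.bit_length() + 7) // 8       # modulus length in bytes (19 here)

def host_pad_encrypt(msg: bytes) -> int:
    """Host side: PKCS#1 v1.5 type-2 padding (>= 8 random nonzero bytes), then public op."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    block = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(block, "big"), E, N)

def honest_card(c: int) -> int:
    """Stand-in for the card: the deterministic RSA private-key operation."""
    return pow(c, D, N)

def faulty_card(c: int) -> int:
    """Hypothetical card whose output differs from c^D mod N in one bit."""
    return pow(c, D, N) ^ 1

def checked_private_op(card, c: int) -> int:
    """Host-side check: public operation on the card's output must give back the input."""
    out = card(c)
    if not 0 <= out < N or pow(out, E, N) != c:
        raise ValueError("card output does not match its input under the public key")
    return out

def unpad(m: int) -> bytes:
    """Strip the type-2 padding the host added before encryption."""
    block = m.to_bytes(K, "big")
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("bad padding")
    return block[sep + 1:]

if __name__ == "__main__":
    c1, c2 = host_pad_encrypt(b"hello"), host_pad_encrypt(b"hello")
    print("same plaintext, different ciphertexts:", c1 != c2)
    print("recovered:", unpad(checked_private_op(honest_card, c1)))
    try:
        checked_private_op(faulty_card, c1)
    except ValueError as err:
        print("rejected:", err)
```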