Questions tagged [smartcard]

A smart card, or chip card, is a fingernail-sized integrated circuit that is often embedded in a credit-card-sized plastic sheet. Smart cards are used as identification badges, banking cards, SIM in mobile phones, for key storage, and more.

A smart card (also called chip card, or ICC (integrated circuit card)) consists of an integrated circuit that is often embedded in a credit-card-sized plastic sheet. Smartcards do not contain their own power source. Contact smart cards communicate by being inserted into a reader device, while contactless smart cards communicate over radio waves; some cards support both methods.

Uses for smart cards include banking (ATM cards), electronic wallets, identification badges (for transit, healthcare, building access, computer login, …), mobile phone SIMs, …

Smart cards are often protected against physical tampering to some degree. They are often a repository of secret keys, making them a common “what you have” factor in multi-factor authentication. Chip cards range in capabilities from being a simple memory card which is read passively, to being capable of performing cryptographic operations on a key that never leaves the card.

222 questions

184

votes

5 answers

Why are chips safer than magnetic stripes?

After the recent Target hack there has been talk about moving from credit cards with magnetic stripes to cards with a chip. In what ways are chips safer than stripes?

credit-card smartcard

asked Jan 23 '14 at 13:05

Thomas

3,841
4
22
26

votes

4 answers

Detecting skimmers and other ATM traps

This question has been bothering me ever since I first heard of ATM skimmers: Instances of skimming have been reported where the perpetrator has put a device over the card slot* of an ATM (automated teller machine), which reads the magnetic…

credit-card smartcard fraud threats atm

asked May 18 '13 at 01:00

TildalWave

10,801
11
45
84

votes

2 answers

Is it possible to decrypt a satellite TV signal without using a smart card?

And if it is possible, why has it been decided to keep using a smart card for this task? I will be grateful if you can provide some practical examples on how to bypass the use of a smart card (if possible).

encryption smartcard satellite

asked Sep 04 '13 at 20:14

Israfel_21

votes

3 answers

How does storing GPG/SSH private keys on smart cards compare to plain USB drives?

I have a basic understanding of private/public key cryptography and have been using it for SSH logins and GPG encryption/signing for a while now. However, I have always kept the private key/keyrings in the default location, in my home directory…

ssh pgp smartcard

asked Jul 14 '13 at 05:30

user3243135

votes

3 answers

Do readers for the "Mifare DESFire EV1" smartcard really need to know the card's secret key in order to authenticate the card?

I'm trying to understand the security of a contactless smartcard system, used for access control and payment. The card is a Mifare DESFire EV1 implementing ISO 14443 (see the this documentation collection). I've read about side channel attacks…

authentication smartcard nfc

asked Nov 06 '15 at 10:58

Beat

votes

3 answers

GPG encryption subkey on multiple smart cards issue

Is there a way to tell GPG, that if it needs to decrypt something, that it can find the private encryption key on one of two smart cards? My (simplified) setup is as follows: Generated a master key offline with an encryption subkey. Transferred the…

encryption gnupg smartcard yubikey

asked Mar 23 '17 at 14:31

Scott

votes

3 answers

What is gained by hashing the last block on-device?

Recently I encountered the notion of "hashing the last block on-device". It means that when computing a digital signature, the hash that serves as input for the actual signature computation is not to be computed entirely in software but neither…

cryptography hash digital-signature smartcard

asked Jul 06 '11 at 20:57

emboss

4,298
1
16
17

votes

5 answers

Smart card + GnuPG: what is stored in my keyring/how to adopt smart card?

I recently bought a Yubikey Neo which can act as a OpenPGP smart card. I'd like to use this to store my private GnuPG key. I've gone through the initial setup and I am able to use the smart card to sign and encrypt files. After the setup the smart…

key-management gnupg smartcard yubikey

asked Nov 07 '13 at 15:12

Askford

votes

4 answers

How to check randomness of random number generators?

Assume that I have a smart card that returns an 8 byte (for example) random value on reception of a command. The question is that: How I can check if this value is really random? (I don't have any access to implementation and mechanism. I just see…

cryptography random smartcard

asked Mar 07 '15 at 08:22

TheGoodUser

votes

2 answers

Cryptography behind chip based credit cards (smart cards)?

Why are chips safer than magnetic stripes? The answers to the above question explain that the chip based cards can not be cloned as the "secret number" is embedded in the chip and protected by the use of public key cryptography. The chip also…

cryptography public-key-infrastructure smartcard

asked Jan 24 '14 at 05:19

Shurmajee

7,285
5
27
59

votes

2 answers

How to use a Yubikey NEO (or any OpenPGP card or GnuPG in general) to sign X.509 CSRs?

Since the Yubikey NEO can be used as an OpenPGP card (see here) with three 2048 bit RSA keys, I thought about creating a CA from one of its public keys. Since the private key cannot be extracted (according to that article at least, anyway that's the…

certificate-authority x.509 smartcard yubikey gnupg

asked Feb 18 '13 at 17:05

Tobias Kienzler

7,578
10
43
66

votes

3 answers

gpg-agent keeps saving pin for a smartcard

I've found today, that enigmail is decrypting a message without asking me for the smart card's PIN. It is asking only once, and then not ask at all. this is my gpg-agent.conf: default-cache-ttl 0 max-cache-ttl…

gnupg smartcard enigmail

asked Jan 04 '17 at 16:52

Stanimir Stoyanov

votes

1 answer

Pin required for accessing (smartcard) Card Authentication Slot

So let me set the stage: I have created an Intermediate Signing Certificate by way of the Yubico walkthrough: https://developers.yubico.com/PIV/Guides/Certificate_authority.html I made a couple changes, instead of the Digital Signature slot, I used…

public-key-infrastructure smartcard yubikey

asked Nov 28 '16 at 06:33

Ori

2,757
1
15
29

votes

1 answer

GnuPG + Yubikey 4: How to manually check that all keys are where they belong (on the Yubikey only)?

I created a GnuPG RSA master-key and 3x RSA subkeys (sign,encrypt,authenticate). Of course I want all key material to be stored solely on the Yubikey 4 - as they are only my 3 subkeys. Since I use the master-key only for certification of the…

pgp gnupg smartcard yubikey

asked Jan 03 '16 at 17:47

user3200534

votes

1 answer

export-secret-key after Yubikey is plugged in

I have a Yubikey Neo and is running GPGTools (GnuPG/MacGPG2 2.0.28) on OS X (10.11.2). I have generated a master key with SC abilities and separate signing and encryption keys which I have moved to the Yubikey via the keytocard command. These are…

gnupg smartcard yubikey

asked Dec 15 '15 at 08:58

Andrew Henderson

2 3

…

14 15 Next