Add a warning about ROCA
This commit is contained in:
parent
819f4b736b
commit
0b77c33d97
11
README.md
11
README.md
@ -17,6 +17,17 @@ of them depend on underlying hardware support and available
|
|||||||
- Command and response chaining
|
- Command and response chaining
|
||||||
- AES 128/256 bits deciphering primitive
|
- AES 128/256 bits deciphering primitive
|
||||||
|
|
||||||
|
## Warnings
|
||||||
|
|
||||||
|
### ROCA
|
||||||
|
|
||||||
|
[Infineon SLE78](https://www.infineon.com/cms/en/product/security-smart-card-solutions/security-controllers/contactless-and-dual-interface-security-controllers/) chips are vulnerable to [ROCA](https://crocs.fi.muni.cz/public/papers/rsa_ccs17).
|
||||||
|
This attack is only relevant if you used on-device key generation. It allows an adversary to obtain your private key, using only your public key.
|
||||||
|
|
||||||
|
There isn't much that can be done to rectify this, other than generating the private RSA keys off of your device and importing them. [Other work arounds](https://crocs.fi.muni.cz/public/papers/rsa_ccs17#detection_tools_mitigation_and_workarounds). (Using the [OpenCrypto JCMathLib](https://github.com/OpenCryptoProject/JCMathLib) to handle the cryptographic functions may work too)
|
||||||
|
|
||||||
|
Use [this tool](https://github.com/crocs-muni/roca#install-with-pip) to determine if your public keys are vulnerable.
|
||||||
|
|
||||||
## Default values
|
## Default values
|
||||||
|
|
||||||
The SmartPGP applet is configured with the following default values:
|
The SmartPGP applet is configured with the following default values:
|
||||||
|
Loading…
Reference in New Issue
Block a user