0

How smart cards technically store their secrets?

I know smart card is whole computer on chip and it respond only to challenges. I know their software/firmware doesn't allow (it doesn't have the feature for that at all) to ever reveal the secret to others.
Anyway, the smart card must store secrets in its flash? Some claim that secrets are encrypted inside smart card, but then even the card itself can't use it, right?

I think smart cards store secrets as plain text in their flash, is that right? If so, every that gets physically access to the flash can read secrets directly, right? Of course, it's very hard because tamper-resistant design, but the thing is: is the case that security of smart cards is on physically tamper-resitance of package of the chip?

Virer
  • 1
  • 1
  • Those threads don't answer my question. E.g. are secrets encrypted inside smart card or are them there as plain text? I updated the question. So, please, reopen. – Virer Oct 25 '23 at 19:56
  • They do answer your question. Please read about certificates. Read about how some cards don't encrypt and some do. And the answers also talk about the standards used which do supply your answers, too. – schroeder Oct 25 '23 at 20:33
  • "I know smart card is whole computer on chip" -- no. "but then even the card itself can't use it, right?" -- why would it need to? Please use the duplicates to point you towards the design docs for how these card swork. – schroeder Oct 25 '23 at 20:34
  • ""I know smart card is whole computer on chip" -- no." What? Smart card is a computer. Please, read defition of computer. ""but then even the card itself can't use it, right?" -- why would it need to?" If card encrypt secrets it can't read them without the password. Most of smart cards doesn't need PIN for answering challenges. – Virer Oct 25 '23 at 20:50
  • Yes it has a processor. That doesn't make it a "whole computer". Please read the many links in the duplicate's answers. – schroeder Oct 25 '23 at 21:27
  • I added an extra one in case you are asking about how the card might access the private key (a 'secret') In any case, this has been asked a few times here and your answer can be found with a little searching. – schroeder Oct 25 '23 at 21:32
  • "Yes it has a processor. That doesn't make it a "whole computer"." A computer is processor+memory+something_interface. PC is a computer, smartphone is a computer, microcontroller is a computer and chip of smart card is a microcontoller. It's fact that smart card is a computer and that wasn't my question. – Virer Oct 25 '23 at 22:36
  • "I added an extra one in case you are asking about how the card might access the private key (a 'secret') In any case, this has been asked a few times here and your answer can be found with a little searching." I got answers for all my other questions except, are secrets in flash encrypted or not? Any of your links doesn't answer to it and that's why I opened new theard for it. Please, reopen it. – Virer Oct 25 '23 at 22:45
  • Actually, the other links do answer that. The answer is "it depends". Does the card follow standards? What is the card? That is covered by the other links. – schroeder Oct 26 '23 at 08:22

0 Answers0