https://bugzilla.suse.com/show_bug.cgi?id=1219191

Bug ID: 1219191
Summary: VUL-0: gpg2: Smartcard generation keeps an unprotected backup key on disk
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.5
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: pmonrealgonzalez@suse.com
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
CC: security-team@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

It was discovered that GnuPG before 2.4.4 kept an additional unprotected copy of the encryption subkey on disk.

Versions 2.4.2, 2.4.3 and 2.2.42 are affected if the card generation was done with the command gpg --card-edit. If the smartcard was created without a backup of the encryption key, the problem does not show up either.

Having a password-protected backup key is expected behavior.

References:
https://gnupg.org/blog/20240125-smartcard-backup-key.html
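
A way to check a key store for the condition described above, as an added example that is not part of the bug report or of GnuPG. It assumes gpg-agent's usual on-disk layout (one `<keygrip>.key` file per secret key under `~/.gnupg/private-keys-v1.d`) and its outer S-expression tokens, neither of which is stated in the report; the sample files are constructed and contain no key material.

```python
import re
import tempfile
from pathlib import Path

# Assumption: outer S-expression tokens gpg-agent writes for stored secret keys.
KINDS = {
    b"private-key": "UNPROTECTED",
    b"protected-private-key": "protected",
    b"shadowed-private-key": "on-card stub",
}
# Matches the canonical form "(11:private-key" and the advanced form
# "(private-key" used after "Key:" in the extended file format.
TOKEN = re.compile(rb"\(\s*(?:\d+:)?((?:protected-|shadowed-)?private-key)\b")


def classify(blob: bytes) -> str:
    """Return the protection state recorded in one key file's contents."""
    m = TOKEN.search(blob)
    return KINDS[m.group(1)] if m else "unknown"


def audit(keydir: Path) -> dict:
    """Map each keygrip in keydir to its protection state."""
    return {p.stem: classify(p.read_bytes()) for p in sorted(keydir.glob("*.key"))}


def demo() -> dict:
    """Run the audit over constructed sample files (placeholders, not real keys)."""
    samples = {
        "A" * 40: b"(21:protected-private-key(3:rsa(1:n1:x)))",
        "B" * 40: b"Created: 20240125T000000\nKey: (private-key\n (rsa (n #00#)))\n",
        "C" * 40: b"(20:shadowed-private-key(3:rsa(1:n1:x)))",
    }
    with tempfile.TemporaryDirectory() as d:
        for grip, blob in samples.items():
            (Path(d) / f"{grip}.key").write_bytes(blob)
        return audit(Path(d))


if __name__ == "__main__":
    for grip, state in demo().items():
        print(grip, state)
```

To inspect a real store, call `audit(Path.home() / ".gnupg" / "private-keys-v1.d")`. An `UNPROTECTED` result also appears for keys deliberately stored without a passphrase, so match the keygrip against the card's encryption subkey before drawing conclusions.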