How to enable ack button functionality on FST-01sz

Mark Debian mark_debian at yahoo.com
Wed Jan 6 16:13:04 CET 2021


 On Tuesday, 5 January 2021, 01:03:25 pm AEST, NIIBE Yutaka <gniibe at fsij.org> wrote:
 
 
 > Mark Debian wrote:
> > Can someone tell me how to enable the ack button functionality using
> > FST-01sz?  When I configure latest gnuk, before compiling, the output
> > of the configure command says:"Acknowledge button is supported"

> Currently, it is only supported in GnuPG in master (to be 2.3).
> With "--card-edit" option, we have "uif" sub-command (User Interaction
> Flag) to enable/disable the functionality.  When enabled, a user
> has to acknowledge the operation (sign/decrypt/auth) by the device.
Ahhh.  I see.  Even debian sid still only has version 2.2.20

> Personally, I don't use it.  For SSH key, I use the feature of gpg-agent
> which asks confirmation (by pop-up window on desktop).
I hadn't been worried about this use until recently.
Correct me if I am wrong:
After you insert and use your Gnuk token smartcard the gpg-agent will cache your password.  If someone has backdoor shell access then they can simply use your key until you remove it from the USB port.  You would not even notice that your key is being used.
I think you can configure the gpg-agent to ask the password every time but that is a bit of a pain if you have a decent password length.  In any case, someone with backdoor shell access could just reconfigure the agent to cache the password again without you knowing or even keylog your password.
If you force the ack button functionality on the Gnuk then this can't be disabled by an attacker without your master passphrase.  You could ensure that you only enabled the ack button functionality, and only entered the master passphrase, using an air-gapped trusted machine.  If you followed this use case then you would never need to enter the master passphrase for normal use and therefore it would never be entered on your normal work machine.  The ack button functionality will then require you to use a magnet to acknowledge the key use every time.  An attacker with remote access _and your passphrase_ would still not be able to "press" the ack button nor disable its requirement.
Otherwise how do you counter the threat of someone gaining backdoor shell access to your account?  That is the threat that the smartcard ultimately provides the extra protection against.
Regards,Mark.
-- 
  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnuk-users/attachments/20210106/30f5faad/attachment.html>


More information about the Gnuk-users mailing list