How to enable ack button functionality on FST-01sz

Mark Debian mark_debian at yahoo.com
Thu Jan 7 11:47:58 CET 2021


 
> Even with a touch-to-sign button you still don't know what you actually
> sign or whether the displayed PDF is the PDF actually sent out.  A

Hmm.  I guess not.

> compromised box is a game-over condition.  Tilt.  Restart from scratch.
> You _may_ not need to re-boot your public key infrastructure due to the
> token, though.
Yes.
It sounds like you really need a smartcard with a built-in touch screen for entering the PIN and also displaying confirmation about just what you are signing.
Is there any device like the NGrave device for use with GnuPG which is air gapped and achieves the cryptographic signatures through scanning QR codes or the like?
Regards,
Mark.

    On Thursday, 7 January 2021, 07:50:12 pm AEST, Werner Koch <wk at gnupg.org> wrote:  
 
 On Wed,  6 Jan 2021 21:31, Mark Debian said:

>> BTW, Forcing a user to enter the Admin-PIN is pretty easy.  Just let
>> the malware use up the PIN along with some social engineering
>> and most users will enter the Admin PIN to unblock the PIN...
>
> However education can protect against that threat.  Only ever use the

Yes with proper SecOPs training you could do that but that also involves
a lot of other procedures, hardware and people.  The reality is
different.

Even with a touch-to-sign button you still don't know what you actually
sign or whether the displayed PDF is the PDF actually sent out.  A
compromised box is a game-over condition.  Tilt.  Restart from scratch.
You _may_ not need to re-boot your public key infrastructure due to the
token, though.


Shalom-Salam,

  Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.