<html><head></head><body><div class="ydpac60a0cbyahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:16px;"><div></div>
<div><span style="color: rgb(38, 40, 42); font-size: 13px;">On Tuesday, 5 January 2021, 01:03:25 pm AEST, NIIBE Yutaka <gniibe@fsij.org> wrote:</span><br></div></div><div id="ydp482f0bcbyahoo_quoted_0019170823" class="ydp482f0bcbyahoo_quoted"><div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div><br></div>
<div><br></div>
<div><div dir="ltr">> Mark Debian wrote:<div class="ydp482f0bcbyqt6715905325" id="ydp482f0bcbyqtfd34972"><br clear="none">> > Can someone tell me how to enable the ack button functionality using<br clear="none">> > FST-01sz? When I configure latest gnuk, before compiling, the output<br clear="none">> > of the configure command says:"Acknowledge button is supported"</div><br clear="none"><br clear="none">> Currently, it is only supported in GnuPG in master (to be 2.3).<br clear="none">> With "--card-edit" option, we have "uif" sub-command (User Interaction<br clear="none">> Flag) to enable/disable the functionality. When enabled, a user<br clear="none">> has to acknowledge the operation (sign/decrypt/auth) by the device.</div><div dir="ltr"><br></div><div dir="ltr" data-setdir="false">Ahhh. I see. Even debian sid still only has version <span>2.2.20</span><br clear="none"><br clear="none">> Personally, I don't use it. For SSH key, I use the feature of gpg-agent<br clear="none">> which asks confirmation (by pop-up window on desktop).</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">I hadn't been worried about this use until recently.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Correct me if I am wrong:</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">After you insert and use your Gnuk token smartcard the gpg-agent will cache your password. If someone has backdoor shell access then they can simply use your key until you remove it from the USB port. You would not even notice that your key is being used.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">I think you can configure the gpg-agent to ask the password every time but that is a bit of a pain if you have a decent password length. In any case, someone with backdoor shell access could just reconfigure the agent to cache the password again without you knowing or even keylog your password.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">If you force the ack button functionality on the Gnuk then this can't be disabled by an attacker without your master passphrase. You could ensure that you only enabled the ack button functionality, and only entered the master passphrase, using an air-gapped trusted machine. If you followed this use case then you would never need to enter the master passphrase for normal use and therefore it would never be entered on your normal work machine. The ack button functionality will then require you to use a magnet to acknowledge the key use every time. An attacker with remote access _and your passphrase_ would still not be able to "press" the ack button nor disable its requirement.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Otherwise how do you counter the threat of someone gaining backdoor shell access to your account? That is the threat that the smartcard ultimately provides the extra protection against.</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Regards,</div><div dir="ltr" data-setdir="false">Mark.</div><div dir="ltr" data-setdir="false"><div class="ydp482f0bcbyqt6715905325" id="ydp482f0bcbyqtfd57722"><br clear="none">-- <br clear="none"></div></div></div>
</div>
</div></body></html>