secure channel support via PACE
Jacob Bachmeyer
jcb62281 at gmail.com
Fri Feb 13 04:52:23 CET 2026
On 2/12/26 10:39, Mario Haustein via Gnupg-devel wrote:
> [...]
>
> [...] One just needs to send an APDU to the card reader at the
> beginning to establish the secure channel or alternatively to send a cached
> card access number (CAN) to the reader so the reader skips querying it from the
> card holder. The latter method should be preferred as it is very annoying to
> enter the CAN every time. There is now drawback in caching a CAN.
Assuming you meant "no drawback", are you sure about that? What if a
cached CAN leaks somehow? Could malware abuse a cached CAN to perform
operations without the user's knowledge?
-- Jacob