Old PC as Hardware Security Module?

Simon Josefsson simon at josefsson.org
Mon May 14 14:04:46 CEST 2007

"Robert J. Hansen" <rjh at sixdemonbag.org> writes:

>> What prevents the keylogger in your first example to snarf the PIN  
>> code
>> for the OpenPGP card and send decryption requests to the OpenPGP card,
>> using the PIN code, in the background, possibly remotely controlled  
>> over
>> the network?
> There exist cryptographic smart cards you can actually be safe  
> against this kind of attack with.  They're pretty cool.

How do they work?

I'd expect them to have a button, to authorize signing or decryption,
but without a display, you still have no idea what you really sign or


More information about the Gnupg-users mailing list