Old PC as Hardware Security Module?
Simon Josefsson
simon at josefsson.org
Mon May 14 14:04:46 CEST 2007
"Robert J. Hansen" <rjh at sixdemonbag.org> writes:
>> What prevents the keylogger in your first example to snarf the PIN
>> code
>> for the OpenPGP card and send decryption requests to the OpenPGP card,
>> using the PIN code, in the background, possibly remotely controlled
>> over
>> the network?
>
> There exist cryptographic smart cards you can actually be safe
> against this kind of attack with. They're pretty cool.
How do they work?
I'd expect them to have a button, to authorize signing or decryption,
but without a display, you still have no idea what you really sign or
decrypt.
/Simon
More information about the Gnupg-users
mailing list