Old PC as Hardware Security Module?
Werner Koch
wk at gnupg.org
Mon May 14 21:05:14 CEST 2007
On Mon, 14 May 2007 16:21, zvrba at globalnet.hr said:
> My personal opinion is that, at the current state of "security" in today's
> OS-es, smart cards give just a false sense of security in typical usage
> scenarios (= when used on a general-purpose, networked workstation).
Smart cards have one important advantage: You can't compromise the key -
you need the actual card for operation. For example the card I use to
sign tarballs may be used on a comprimised computer and I sign something
different than I believe to do. Eventually this will get noticed and
then I can identify the packages I signed (due to the signature counter
on the card). There is no need to give up on the key - just the
signatures are not done correctly. For a long term key where the public
part is widely deployed this is a real benefit.
Salam-Shalom,
Werner
More information about the Gnupg-users
mailing list