Old PC as Hardware Security Module?

Werner Koch wk at gnupg.org
Mon May 14 21:05:14 CEST 2007


On Mon, 14 May 2007 16:21, zvrba at globalnet.hr said:

> My personal opinion is that, at the current state of "security" in today's
> OS-es, smart cards give just a false sense of security in typical usage
> scenarios (= when used on a general-purpose, networked workstation).

Smart cards have one important advantage: You can't compromise the key -
you need the actual card for operation.  For example the card I use to
sign tarballs may be used on a comprimised computer and I sign something
different than I believe to do.  Eventually this will get noticed and
then I can identify the packages I signed (due to the signature counter
on the card).  There is no need to give up on the key - just the
signatures are not done correctly.  For a long term key where the public
part is widely deployed this is a real benefit.


Salam-Shalom,

   Werner




More information about the Gnupg-users mailing list