Malware targeting GnuPG/PGP Keyrings
Werner Koch
wk at gnupg.org
Sat Sep 27 12:55:29 CEST 2008
On Fri, 26 Sep 2008 21:49, kloecker at kde.org said:
> install their malware. Imagine a trojan GnuPG with a valid signature
> made with Werner Koch's key.
Fortunately I use a smartcard to sign releases. The card is only
plugged in if needed and in most cases I even use the pinpad to enter
the PIN. So this is quite well secured against a remote attacker. Of
course I can't reliable check what I am really signing.
Shalom-Salam,
Werner
--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-users
mailing list