Malware targeting GnuPG/PGP Keyrings

Werner Koch wk at
Sat Sep 27 12:55:29 CEST 2008

On Fri, 26 Sep 2008 21:49, kloecker at said:

> install their malware. Imagine a trojan GnuPG with a valid signature 
> made with Werner Koch's key.

Fortunately I use a smartcard to sign releases.  The card is only
plugged in if needed and in most cases I even use the pinpad to enter
the PIN.  So this is quite well secured against a remote attacker.  Of
course I can't reliable check what I am really signing.



Linux-Kongress 2008 + Hamburg + October 7-10 +

   Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list