GPF Crypto Stick vs OpenPGP Card

Nils Faerber nils.faerber at
Fri Dec 3 09:47:27 CET 2010

Am 03.12.2010 03:52, schrieb Markus Krainz:
> On 2010-12-02 11:00, Łukasz Stelmach wrote:
>>> then the PIN pad becomes even more interesting.
>> I am not that paranoid to carry a full sized card reader with a PIN pad
>> with me.
> Even with PIN-pad on a compromised computer you still have no guarantee
> WHAT you are signing.
> My opinion is that if the computer is compromised you are lost anyway.

Well, yes and no.

With a pinpad at least you have to confirm any transaction so that
transactions cannot take place "under the hood" without you noticing.
Assuming the attacker got hold of the PIN a malicious software could do
an almost unlimited number of transactions without the user being able
to notice (well, at least most of the card readers I know do not have
something like an activity LED).

The non-obvious content of the transaction, what you say as "you do not
see what you sign even on the PIN-pad" is an issue that has been
discussed a lot of times already - yes, it is definitely an issue but
very hard to solve. IMHO this would require a card terminal that
understands the data to be signed and present the user with a meaningful
But it strictly assumes again that this terminal cannot be compromised
too. And being more intelligent (in order to display complex data) means
to be a more complex device containing more complex device software
which again opens new possible security holes.

Very difficult... I once worked in a consortium on such a specialised
solution where a PDA would be used as a crypto token and was sent a
parsable XML which was to be signed. The (parsed) XML could be presented
to the user, a hash calculated and be signed, all on the PDA token
terminal. But of course this only worked for the project's special XML

> Regards,
> Markus

kernel concepts GbR        Tel: +49-271-771091-12
Sieghuetter Hauptweg 48
D-57072 Siegen             Mob: +49-176-21024535

More information about the Gnupg-users mailing list