GPF Crypto Stick vs OpenPGP Card

Markus Krainz ldm at
Fri Dec 3 14:12:36 CET 2010

On 2010-12-03 13:21, Hauke Laging wrote:
> A first improvement would be to show the hash to be signed. Of course, you 
> cannot trust the hash calculation on a potentially compromised PC but this 
> would be a start for further protection (e.g. by sending the file to someone 
> else and comparing the hashes).
> If I understand the process correctly then not the file hash is signed but the 
> hash for a combination of the file hash and some metadata (timestamp, signer 
> ID). For a security progress the card reader would have to see both hash 
> components which would require a protocol change. IMHO it makes sense to plan 
> this for the future. Ask the card reader whether it has a display and can do 
> the hash calculation itself. If so then send the data in a new format.
> Hauke


Very interesting ideas and valuable discussion. Why is this issue so
important to me?

Because I personally witnessed the Austrian government giving away
hundreds of so called "Bürgerkarten" smartcards and free smartcard
readers during the 2009 student election. They gave them to the students
without explaination and everyone chose a PIN on a public, possibly
compromised, laptop form the university. The whole procedure took about
3 minutes per student.

What nobody explained to them was that these cards can be used to sign
almost anything. The signatures are equal by law to written signatures
in almost all kinds of contracts. If your computer is infected you can
not tell if you just sold your car for 20.000 euros or 5.000 euros.

I think this was a mayor scandal but I never heard anything about it in
the media. This is why am I so sensitive about this distinction. This
card is still sold and required for online activities with the goverment

Back to gnupg:

On 2010-12-03 10:26, Werner Koch wrote:
> However your key won't become compromised and by plugin the smartcard in
> only if needed you limit the time frame for malicious use of your key.

Thats absolutely right. And I think this is why we use the gnupg
smartcard including me ;)

However you trade this for other disadvantages. My laptop is closely
monitored for physical access and I think it's temper evident for me if
someone would install a hardware keylogger.
So tell me where is the key more secure:
1. on my laptop, which is protected with full disk encryption
implemented in open source, and which I operate with an open source
operating system and where I employ a rigid patching policy or
2. on a smartcard, where I know nothing about the hardware
implementation and where my key is either not encrypted at all or
encrypted with a pin that is 6 digits only by default.
I have no idea what hardware flaws the card has and how well it can
withstand reverse engineering [2]. I am pretty confidet that my  OSS-FDE
protected harddisk does a better job in protecting my key against
physical attacks.



More information about the Gnupg-users mailing list