GPF Crypto Stick vs OpenPGP Card

Werner Koch wk at
Fri Dec 3 17:32:50 CET 2010

On Fri,  3 Dec 2010 13:21, mailinglisten at said:

> A first improvement would be to show the hash to be signed. Of course, you 

That does not help.  Even if you would be able to compare it with the
hash displayed on the host box, you gain nothing: Any malware which
foist you a different file for signing won't have a problem to display
you the same hash value on the host and and the pinpad.

The whole problem of a secure signing device is a problem of the data
formats you want to sign.  With any of todays en vogue data formats, you
need a lot of code on your secure signing device (e.g. a pinpad) to
render it for display.  This increases the complexity to a level where
it will be possible to exploit bugs in those OpenOffice or PDF viewers.
In addition those formats have other intrinsic problems which make them
a bad choice to be signed in a secure way.  What might work are JPEGs -
but who wants to sign a JPEG file and have recipients work with an image
of your text?  Plain text may work, though.  For a long text it won't
work either, because nobody is going to proofread a text on some small
display before signing it.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list