GPF Crypto Stick vs OpenPGP Card

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Dec 3 18:45:18 CET 2010


On 12/03/2010 11:32 AM, Werner Koch wrote:
> What might work are JPEGs -
> but who wants to sign a JPEG file and have recipients work with an image
> of your text?

JPEGs themselves are problematic because of the ability to embed
arbitrary data in the metadata fields (EXIF, etc [0]).  So unless Are
you willing to try to display arbitrary metadata on your externalized
device, you're in trouble there too.

> Plain text may work, though.  For a long text it won't
> work either, because nobody is going to proofread a text on some small
> display before signing it.

my laptop display is pretty small, and i read what i sign on it ;)

	--dkg

[0]
http://blogs.sitepoint.com/2006/08/24/open-source-image-archiving-exif-iptc-xmp-and-all-that/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101203/e2b08ba3/attachment.pgp>


More information about the Gnupg-users mailing list