private key protection

takethebus at takethebus at
Tue Oct 18 14:53:39 CEST 2011

Monday, October 17, 2011, 11:30:48 PM, Robert wrote:

> Smartcard and a good PIN.  That's pretty much the gold standard.  It's
> not the best way (there is no 'best way'), but it's generally an
> excellent place to start from.

I  read  a smartcard is simply a chip card. Why is it save, what's a
PIN? Say I'm using it on a PC with a trojan in the background
that logs my keystrokes (my password) and can send data (my key)
via  internet  to  an attacker. How is access restricted to the key by
the smartcard?

> 3. The best way is to have one PC connected to the internet and
> another, without an internet connection (missing network drivers and
> a fully encrypted hard disk for instance), which you use to decrypt
> and encrypt messages. You use an USB stick to carry messages from
> the internet PC to the one not connected to the net. If you don't
> have two PCs, you can use another USB stick with privatix without network drivers on it.

Since  the PC is "isolated" from the net, I don't need to be afraid of
software    keyloggers,    trojans   etc.   I'm   only  fulnerable  to
physical/hardware attacks  which  are  easier  to  notice for a person
who's no computer expert.

More information about the Gnupg-users mailing list