OpenPGP smartcard, how vulnerable is it?

Peter Lebbing peter at
Sat Aug 18 13:16:14 CEST 2012

On 16/08/12 10:29, gnupg at wrote:
> It can attempt to initiate decryption/signing, but it still requires the
> user to enter their pin, so some sort of social engineering is also
> required. It could wait for you to try to decrypt/sign something, and then
> send some alternative data to sign/decrypt to the reader instead, but at
> least the user would see that something went wrong, and that would only
> work for one sign/decrypt operation.

This is correct for signing, when using the "signature force PIN" flag.
Unfortunately, there is no equivalent flag for encryption (or authentication),
so once a user has entered the PIN, the malware can just request additional
decryptions and authentications. The user probably won't notice. An LED on the
reader might flash when accessing the card, but if you do those additional
encryptions and authentications directly after a user-initiated action, they
probably won't notice that it flashes for a little longer than normal.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
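
The PIN behaviour described in the message above, as an added Python sketch that is not part of the original post or of GnuPG: a simplified model of the card's PIN verification state, with no cryptography. The class and function names are hypothetical, the PIN is a constructed sample value, and the two verification modes (0x81 for signing, 0x82 for decryption and authentication) and the persistence of verification until card reset are assumptions taken from the OpenPGP card specification, not from the post.

```python
class AccessDenied(Exception):
    """Raised when the required PIN verification is missing."""


class CardModel:
    """Hypothetical model: tracks PIN state only, performs no cryptography."""

    def __init__(self, pin, force_sig_pin):
        self._pin = pin
        self.force_sig_pin = force_sig_pin  # the "signature force PIN" flag
        self.verified = {0x81: False, 0x82: False}  # per-mode PIN state (assumed)

    def verify(self, pin, mode):
        if mode not in self.verified:
            raise ValueError("unsupported mode")
        if pin != self._pin:
            raise AccessDenied("wrong PIN")
        self.verified[mode] = True

    def sign(self):
        if not self.verified[0x81]:
            raise AccessDenied("PIN required for signature")
        if self.force_sig_pin:
            self.verified[0x81] = False  # one signature per PIN entry

    def decrypt(self):
        # No equivalent flag: stays unlocked until the card is reset (assumed).
        if not self.verified[0x82]:
            raise AccessDenied("PIN required for decryption")

    def authenticate(self):
        if not self.verified[0x82]:
            raise AccessDenied("PIN required for authentication")


def ops_after_one_pin_entry(force_sig_pin, op, mode, attempts=5):
    """Count how many `op` calls succeed after a single PIN entry."""
    card = CardModel("123456", force_sig_pin)  # constructed sample PIN
    card.verify("123456", mode)
    done = 0
    for _ in range(attempts):
        try:
            getattr(card, op)()
        except AccessDenied:
            break
        done += 1
    return done


if __name__ == "__main__":
    for op, mode in (("sign", 0x81), ("decrypt", 0x82), ("authenticate", 0x82)):
        print(op, "forced flag set:", ops_after_one_pin_entry(True, op, mode))
```
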
