OpenPGP smartcard, how vulnerable is it?

Peter Lebbing peter at digitalbrains.com
Sat Aug 18 13:16:14 CEST 2012


On 16/08/12 10:29, gnupg at lists.grepular.com wrote:
> It can attempt to initiate decryption/signing, but it still requires the
> user to enter their pin, so some sort of social engineering is also
> required. It could wait for you to try to decrypt/sign something, and then
> send some alternative data to sign/decrypt to the reader instead, but at
> least the user would see that something went wrong, and that would only
> work for one sign/decrypt operation.

This is correct for signing, when using the "signature force PIN" flag.
Unfortunately, there is no equivalent flag for encryption (or authentication),
so once a user has entered the PIN, the malware can just request additional
decryptions and authentications. The user probably won't notice. A LED on the
reader might flash when accessing the card, but if you do those additional
encryptions and authentications directly after a user-initiated action, they
probably won't notice that it flashes for a little longer than normal.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
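An added example, not part of the original message: a check for the "signature force PIN" flag discussed above, reading the `forcepin` record from `gpg --card-status --with-colons`. The function names and the trimmed sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage with a real card:  gpg --card-status --with-colons | forcesig_report

# Constructed, trimmed sample records (not captured from a real card).
SAMPLE_FORCED='version:0200:
forcepin:1:::
pinretry:3:0:3:
sigcount:12:::'
SAMPLE_NOT_FORCED='version:0200:
forcepin:0:::
pinretry:3:0:3:
sigcount:12:::'

# Reads colon-delimited card status on stdin.
# Prints forced / not-forced / unknown; exit status 0 / 1 / 2.
forcesig_state() {
    awk -F: '
        $1 == "forcepin" { seen = 1; val = $2 }
        END {
            if (!seen)      { print "unknown"; exit 2 }
            if (val == "1") { print "forced";  exit 0 }
            print "not-forced"; exit 1
        }'
}

# Human-readable verdict. The flag covers signing only: as the message
# above explains, decryption and authentication have no equivalent flag.
forcesig_report() {
    state=$(forcesig_state) || true
    case $state in
        forced)
            echo "OK: PIN is requested for every signature"
            echo "NOTE: decryption/authentication stay unlocked after one PIN entry" ;;
        not-forced)
            echo "WARN: one PIN entry allows repeated signatures"
            return 1 ;;
        *)
            echo "ERROR: no forcepin record in input"
            return 2 ;;
    esac
}

# Demo on the constructed sample; prints the OK and NOTE lines.
printf '%s\n' "$SAMPLE_FORCED" | forcesig_report
```

The flag itself is toggled from `gpg --card-edit` with `admin` followed by `forcesig`.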