making (future) OpenPGP cards without PIN pad safer

Michel Messerschmidt lists at
Wed Nov 21 20:42:38 CET 2012

On Wed, Nov 21, 2012 at 06:46:36PM +0100, Hauke Laging wrote:
> The card already has additional storage for private use (if I have understood 
> the documentation correctly). The idea: Wouldn't it be rather easily possible 
> to allow the use of the card by
> a) either the real password (like today) 
> b) or one of several one-time passwords (TANs) which you can load into the 
> card by supplying the real password (or the admin password)?
> This reduce the risk of using the card with systems of unknown security a lot 
> (without increasing the cost of the card).

If you want to reduce the dependency on unknown systems, I would 
rather have a look at cards with integrated keypad. 
A future OpenPGP card might take advantage of this feature.

It will not remove the trust dependency on a potentially insecure 
system, but will reduce the exposure of your credentials (private key 
and PIN/passphrase). 

More information about the Gnupg-users mailing list