More secure than smartcard or cryptostick against remote attacks?

Robert J. Hansen rjh at
Tue Feb 5 04:15:05 CET 2013

On 02/04/2013 02:26 AM, refreshing at wrote:
> Are there any external gpg signing devices to make gpg more resistant
> against remote control viruses?

No.  There are none, nor will there be.  You absolutely must retain
control of the processing hardware GnuPG runs upon.  If you don't have
that control, there is literally no device -- hardware or software --
that can help you.

> But when I send a mail I wrote the the crypto device a virus could make my
> screen lie to me and sign and send a malicious message somewhere else.
> Against this case I want to defend.

You can't.

> Are there any devices or systems I could use to verify my mail on a
> trusted device with small attack surface before I sign it?

This doesn't make sense to me.  You don't trust your PC running GnuPG,
so you want to verify your mail on a PC running GnuPG, just one that
happens to be 'trusted'?

(Also, you seem to be using the word 'trusted' in a way opposite from
its real meaning.  A system is trusted if it has the ability to break
your security policy.  It doesn't mean the system is actually
trustworthy.  It's a statement that you're *forced* to trust it, not
that you think it's *deserving* of trust.  See, e.g.:

... bottom of page 2, if you want to see an academic reference to this
definition of 'trusted'.)

More information about the Gnupg-users mailing list