More secure than smartcard or cryptostick against remote attacks?

Peter Lebbing peter at digitalbrains.com
Tue Feb 5 19:04:25 CET 2013 

On 05/02/13 04:15, Robert J. Hansen wrote:
> No.  There are none, nor will there be.  You absolutely must retain
> control of the processing hardware GnuPG runs upon.  If you don't have
> that control, there is literally no device -- hardware or software --
> that can help you.

While I agree with the broad sentiment, I'm not so sure a certain amount of
damage control is impossible with what he/she proposes. If you have a device
with small attack surface[1] that shows you the plaintext you're about to sign
before signing it *with that device*, you can at least prevent making bogus
signatures. That still means you're in trouble when your PC is under control of
an attacker, but you can't be coerced to issue false signatures. That's
certainly something.

Obviously I'm assuming the private key is not on the compromised PC. I'm
assuming a whole lot more that I'll leave implied. I'm just saying it doesn't
sound over-and-shut end of the game to me when the PC is compromised.

> This doesn't make sense to me.  You don't trust your PC running GnuPG,
> so you want to verify your mail on a PC running GnuPG, just one that
> happens to be 'trusted'?

First of all, I think he/she meant "verify that the text I'm about to sign is
what I intended to sign", whereas you are probably thinking of "verifying a
cryptographic signature". And a dedicated, limited, well-designed single-purpose
device is more trustworthy than an Internet-connected general-purpose PC under
the right circumstances.

> (Also, you seem to be using the word 'trusted' in a way opposite from
> its real meaning.

>From the context it's perfectly obvious what he/she meant and makes sense in
general English. Why argue semantics here?

Just my 2 cents,

Peter.

[1] Read: not too much program code, well-defined limited communication
interfaces. I'd prefer a serial port :). Certainly not a USB device, though it
could contain a USB-to-serial chip, obviously.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

More information about the Gnupg-users mailing list