More secure than smartcard or cryptostick against remote attacks?

Robert J. Hansen rjh at
Wed Feb 6 02:49:39 CET 2013

On 02/05/2013 01:04 PM, Peter Lebbing wrote:
> While I agree with the broad sentiment, I'm not so sure a certain
> amount of damage control is impossible with what he/she proposes. If
> you have a device with small attack surface[1] that shows you the
> plaintext you're about to sign before signing it *with that device*,
> you can at least prevent making bogus signatures. That still means
> you're in trouble when your PC is under control of an attacker, but
> you can't be coerced to issue false signatures. That's certainly
> something.

If you don't trust the PC that GnuPG is running on, don't run GnuPG on
that system.  (Or anything else that requires trust, for that matter.)
It makes no sense to me to believe that it's somehow possible to have a
dongle that you can plug into a compromised PC to make it safe (or
safer) to sign with.  If you believe the PC is compromised, cut it out
of your process completely.  There is no other realistic option here
that I can see.

More information about the Gnupg-users mailing list