More secure than smartcard or cryptostick against remote attacks?

Hauke Laging mailinglisten at
Wed Feb 6 11:37:30 CET 2013

Am Mi 06.02.2013, 10:28:13 schrieb Peter Lebbing:

> Can you explain (broadly) how one would compromise the signature/the device
> that you sign with?

That seems easy to me: Except for small amounts (secure device's display 
capacity) of very simple data (plain text) you have the problem that the PC 
which you need to create (and view) the data to be signed sends a blob to the 
secure device which is opaque to you.

The problem is not to forge a signature but the difficulty to force that only 
data with checked integrity gets signed. How are you going to do that with a 

The only possibility I see is that the secure device shows you the hash of the 
data to be signed. IIRC unfortunately OpenPGP does not sign the data hash but 
the hash of the combination of the data and signature metadata which really 
doesn't make this easier. So you would need a secure device which you can give 
both the data and the metadata so that it can show both (in case of the data: 
just the hash) to the user. Then you can (safely...) copy the data to several 
PCs and have them show you both the file hash and the document (in that 
order). Hoping that at least one of the PCs is not compromised.

I really hope that the next version of OpenPGP will sign data and metadata 
separately (and allow for multiple hashes of different types in the same 
signature) to get rid of this annoyance.

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20130206/28abdc09/attachment.pgp>

More information about the Gnupg-users mailing list