More secure than smartcard or cryptostick against remote attacks?
refreshing at tormail.org
refreshing at tormail.org
Thu Feb 7 11:16:06 CET 2013
> Am Mi 06.02.2013, 10:28:13 schrieb Peter Lebbing:
>
>> Can you explain (broadly) how one would compromise the signature/the
>> device
>> that you sign with?
>
> That seems easy to me: Except for small amounts (secure device's display
> capacity) of very simple data (plain text) you have the problem that the
> PC
> which you need to create (and view) the data to be signed sends a blob to
> the
> secure device which is opaque to you.
>
> The problem is not to forge a signature but the difficulty to force that
> only
> data with checked integrity gets signed. How are you going to do that with
> a
> PDF?
Text only is all I need.
More information about the Gnupg-users
mailing list