USB key form-factor smart-card readers with pinpads?

Michel Messerschmidt lists at
Mon Jan 6 16:10:06 CET 2014

On Mon, Jan 06, 2014 at 10:34:06AM +0100, Werner Koch wrote:
> an attacking malware only needs to trick you info decrypt an arbitrary
> message and is then free to use the smartcard without having the reader
> ask you again for a PIN.

Although these are important attacks to consider, PIN entry on the reader 
itself still provides additional protection if you want to protect your 
own signatures.

> But for the other two keys we don't have such features.

There is the obvious possibility to remove and re-insert the card after 
every use to reduce this attack surface somewhat. 
But for such a tradeoff other things should be considerd first (is your 
PIN really your biggest concern if you don't trust your computer/keyboard, 
is your reader really more trustworthy than your computer, ...).

Michel Messerschmidt           lists at

More information about the Gnupg-users mailing list