USB key form-factor smart-card readers with pinpads?

Sam Kuper sam.kuper at uclmail.net
Tue Jan 7 16:28:10 CET 2014


Dear Werner,

Thank you for your kind reply.

On 06/01/2014, Werner Koch <wk at gnupg.org> wrote:
>>> The question is whether this is really helpful.  Yes, it protects your
>>> PIN

That is helpful. No question about this part!

> After a successful verification of the PIN the card allows the use of
> the PSO Decrypt command until a power down or a reset operation.

I have several questions about this statement. If, after reading them,
you believe there exists documentation that should be able to answer
them, then please simply point me to that documentation.

1. The document "Functional Specification of the OpenPGP application
on ISO Smart Card Operating Systems, Version 2.0.1"[1] mentions
"PSO:DEC" but does not define it. That document also mentions
"PSO:DECRYPT" but does not define it. And finally, that document
defines "PSO: DECIPHER". Are these three terms synonyms, or do they
denote different things?

2. I assume that your "PSO Decrypt" means the same as "PSO:Decrypt" in
the specification document mentioned above. Is this assumption
correct?

3. When you say, "a power down or a reset operation", do you mean (a)
"the card is powered down or reset", or (b) "the host computer is
powered down or reset", or (c) something else?

> Thus
> an attacking malware only needs to trick you [into decrypting] an arbitrary
> message and is then free to use the smartcard without having the reader
> ask you again for a PIN.

That is somewhat disappointing to me, although perhaps that is because
my knowledge is limited and I am simply unaware of a good reason for
this behaviour.

Anyhow, am I right in thinking that, having verified the PIN and
decrypted a message, disconnecting the reader from the PC (or removing
the card from the reader, or both) would cause subsequent malicious
attempts to call PSO Decrypt to result in failure (at least until the
card and reader have been reconnected to the host PC and the PIN
verified again)?

> For the signature key we have this "forcesig" command which switches the
> card into a mode which requires a VERIFY command before each PSO Sign
> command.

I can't find the string "PSO Sign" in [1]. Are you using it
synonymously with "PSO: COMPUTE DIGITAL SIGNATURE" (and/or "PSO:CDS")?
If not, please can you tell me where the "PSO Sign" command is
documented?

I can't find the string "forcesig" in [1]. Please can you tell me
where it is documented?

Many thanks,

Sam

[1] http://g10code.com/docs/openpgp-card-2.0.pdf
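As an added illustration (not code from this thread, from GnuPG, or from the card itself), a toy Python model of the security state Werner describes above: once PW1 is verified, PSO:DEC keeps working until the card is powered down or reset, while forcesig makes every PSO:CDS require a fresh VERIFY. A single verify() granting both uses is a simplification of the real card, and the status words are the usual ISO 7816 values.

```python
from dataclasses import dataclass

SW_OK = 0x9000
SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982  # no valid PIN for this command
SW_PIN_WRONG = 0x63C0                      # real cards put the retry counter in the low nibble
SW_BLOCKED = 0x6983                        # retry counter exhausted


@dataclass
class OpenPGPCardModel:
    """Toy model of the card's PIN state as described in the thread."""
    user_pin: str
    force_sig: bool               # the 'forcesig' mode from the thread
    retries: int = 3
    pin_ok_for_dec: bool = False  # cleared only by reset/power-down
    pin_ok_for_sig: bool = False  # consumed per PSO:CDS when force_sig

    def verify(self, pin: str) -> int:
        """VERIFY: check the user PIN and open the security status."""
        if self.retries == 0:
            return SW_BLOCKED
        if pin != self.user_pin:
            self.retries -= 1
            return SW_BLOCKED if self.retries == 0 else SW_PIN_WRONG
        self.retries = 3
        self.pin_ok_for_dec = True
        self.pin_ok_for_sig = True
        return SW_OK

    def pso_decipher(self) -> int:
        """PSO:DEC stays usable after one VERIFY until reset."""
        return SW_OK if self.pin_ok_for_dec else SW_SECURITY_STATUS_NOT_SATISFIED

    def pso_compute_digital_signature(self) -> int:
        """PSO:CDS; with forcesig the verification is spent after one use."""
        if not self.pin_ok_for_sig:
            return SW_SECURITY_STATUS_NOT_SATISFIED
        if self.force_sig:
            self.pin_ok_for_sig = False
        return SW_OK

    def reset(self) -> None:
        """Card reset, power-down, or removal from the reader."""
        self.pin_ok_for_dec = False
        self.pin_ok_for_sig = False


def demo(force_sig: bool) -> list:
    """Trace of status words for a constructed session (PIN is made up)."""
    card = OpenPGPCardModel(user_pin="123456", force_sig=force_sig)
    trace = [card.pso_decipher(), card.verify("123456"),
             card.pso_decipher(), card.pso_decipher(),
             card.pso_compute_digital_signature(),
             card.pso_compute_digital_signature()]
    card.reset()
    return trace + [card.pso_decipher(), card.pso_compute_digital_signature()]
```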