USB key form-factor smart-card readers with pinpads?

Sam Kuper sam.kuper at uclmail.net
Thu Jan 9 18:42:44 CET 2014


On 07/01/2014, Sam Kuper <sam.kuper at uclmail.net> wrote:
> On 06/01/2014, Werner Koch <wk at gnupg.org> wrote:
>>>> The question is whether this is really helpful.  Yes, it protects your
>>>> PIN
>
> That is helpful. No question about this part!

Perhaps I should be clearer about why I believe it is unquestionably
helpful for OpenPGP-compatible smart card readers to be trustworthy
and to have pinpads.

**Scenario 1: There is no doubt that the local machine is secure and
completely free of malware.** In this case, there is no need for a
pinpad; but there is also no need for an OpenPGP smart card. To
address other threats (e.g. physical theft), the user's auth/sign/enc
keys should of course be passphrase-protected; and they can
additionally be stored in and/or backed up to an encrypted folder, for
instance on a USB stick if portability is desired.

**Scenario 2: There is some doubt about the local machine, such that
the procedure outlined in scenario 1 is not considered sufficiently
secure.** In this case, storing the private keys on an OpenPGP card
will prevent them from being stolen; but any machine about which this
level of doubt exists cannot be assumed to safeguard the PIN(s) of an
OpenPGP card. Therefore, the solution here is to use an OpenPGP card
and a card reader with a pinpad.

I believe that in respect of any local PC, these two scenarios are
exhaustive. It follows that I don't see much (any) value in a card
reader without a pinpad.

Nevertheless, perhaps that belief is wrong. If so, then I'm happy to
stand corrected.

In the meantime, I hope I can find a small form-factor
OpenPGP-compatible smart card reader with a pinpad. I would be
grateful for pointers :)

Regards,

Sam


