USB key form-factor smart-card readers with pinpads?

David Tomaschik david at
Thu Jan 9 20:16:49 CET 2014

Ignoring the fact that if the machine you are using for crypto operations
is compromised, you have lost (at least for the operations conducted while
it is compromised), a smartcard without a PIN pad may compromise your pin
(and allow arbitrary operations while the smartcard is protected) but still
protects the key material itself.  Unless the malware has a history of all
your previous email, an attacker still doesn't have the key to compromise
your past email.

The smartcard (without a PIN pad) also allows for use of a lower-entropy
passphrase/PIN than Scenario 1 in the case of theft.  Theft of a key stored
on disk is vulnerable to offline attack, theft of a key on a smartcard is
much harder to use (as the smartcard locks itself after some number of
wrong pins).  (This ignores three-letter-agency attacks against the
smartcard hardware to extract the key material from the EEPROM of the smart
card itself, bypassing the card applet.)

On Thu, Jan 9, 2014 at 9:42 AM, Sam Kuper <sam.kuper at> wrote:

> On 07/01/2014, Sam Kuper <sam.kuper at> wrote:
> > On 06/01/2014, Werner Koch <wk at> wrote:
> >>>> The question is whether this is really helpful.  Yes, it protects your
> >>>> PIN
> >
> > That is helpful. No question about this part!
> Perhaps I should be clearer about why I believe it is unquestionably
> helpful for OpenPGP-compatible smart card readers to be trustworthy
> and to have pinpads.
> **Scenario 1: There is no doubt that the local machine is secure and
> completely free of malware.** In this case, there is no need for a
> pinpad; but there is also no need for an OpenPGP smart card. To
> address other threats (e.g. physical theft), the user's auth/sign/enc
> keys should of course be passphrase-protected; and they can
> additionally be stored in and/or backed up to an encrypted folder, for
> instance on a USB stick if portability is desired.
> **Scenario 2: There is some doubt about the local machine, such that
> the procedure outlined in scenario 1 is not considered sufficiently
> secure.** In this case, storing the private keys on an OpenPGP card
> will prevent them from being stolen; but any machine about which this
> level of doubt exists cannot be assumed to safeguard the PIN(s) of an
> OpenPGP card. Therefore, the solution here is to use an OpenPGP card
> and a card reader with a pinpad.
> I believe that in respect of any local PC, these two scenarios are
> exhaustive. It follows that I don't see much (any) value in a card
> reader without a pinpad.
> Nevertheless, perhaps that belief is wrong. If so, then I'm happy to
> stand corrected.
> In the meantime, I hope I can find a small form-factor
> OpenPGP-compatible smart card reader with a pin pad. I would be
> grateful for pointers :)
> Regards,
> Sam
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

David Tomaschik
OpenPGP: 0x5DEA789B
david at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140109/536398fb/attachment.html>

More information about the Gnupg-users mailing list