Wishlist for next-gen card

NdK ndk.clanbo at gmail.com
Fri Feb 27 21:59:15 CET 2015

On 27/02/2015 19:43, Peter Lebbing wrote:

> I don't understand the practical difference between HOTP and the button
> to confirm an action.
That the HOTP doesn't need HW support so it can be implemented in
standard smartcards.

>> If that info is embedded in the signature packet, it could add something
>> to the signature value (if the receiving party sees that signature is
>> about a txt file and the presented object is a doc, there's something
>> wrong and suspect).
> Are you proposing that the internal hash state after the hashing of the
> document is handed over to the smartcard, after which the smartcard
> computes the hash over the signature subpackets that you want protected
> this way? It's unclear to me how you see such a thing be implemented
> without passing all data to the smartcard.
Well, IIRC there are cards that require you to compute all but the last
round of the hash, then pass the last block of data and the current
state to let them compute the result (and maybe do the padding before
signing). Something similar could be used for this: the last block will
include the shown data just before the file len.

> I've had a quick look in RFC 4252, with public key user authentication
> for SSH2. I don't think there's anything that you can show on a display
> that would help the user decide if it were what they wanted to see.
> After a really quick glance in the RFC, I see just the username and the
> session identifier. The username is hardly unique (I usually use peter),
> and the session identifier is a unique number computed for the SSH
> session. It's the bit that prevents signature replay attacks but is not
> useful to show on a display, since the user can't tell whether it's good
> or not: it's just the output of a hash function.
For auth it should be the hash of the host's pub key, the same SSH shows
you the first time you connect to that host.

> All this is based on a really quick read of documentation I hadn't
> consulted before. It could be glaringly wrong. But when you said "it is
> the fingerprint", I wondered if you misunderstood or that the
> fingerprint is actually part of the challenge. I don't think it is.
Since the challenge has to be encrypted to the host's pub key, you can
display its hash. I'll have another look at the RFC tomorrow morning...

