Crypto device where I need to confirm every operation?

Pete Stephenson pete at
Thu Jan 22 19:24:40 CET 2015

On Thu, Jan 22, 2015 at 6:00 PM, Felix E. Klee <felix.klee at> wrote:
> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
> with PIN pad. Surely, that adds a certain layer of security, as all
> encryption and signing operations happen on the card. However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.

You can always enable the "forcesig" option, which requires that the
PIN be entered for every signature operation (you can enable by
inserting the card and then running'gpg --card-edit', then entering
'toggle', 'admin', 'forcesig').

I'm not aware of any similar option in regards to decryption.

Pete Stephenson

More information about the Gnupg-users mailing list