Crypto device where I need to confirm every operation?

Pete Stephenson pete at heypete.com
Thu Jan 22 19:24:40 CET 2015


On Thu, Jan 22, 2015 at 6:00 PM, Felix E. Klee <felix.klee at inka.de> wrote:
> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
> with PIN pad. Surely, that adds a certain layer of security, as all
> encryption and signing operations happen on the card. However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.

You can always enable the "forcesig" option, which requires that the
PIN be entered for every signature operation (you can enable it by
inserting the card and then running 'gpg --card-edit', then entering
'toggle', 'admin', 'forcesig').

I'm not aware of any similar option in regards to decryption.

-- 
Pete Stephenson
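
One way to confirm that the "forcesig" setting described above is active, as an added example that is not part of the original message: a shell check that reads the "Signature PIN" line from `gpg --card-status` output. The function names and the sample status text are constructed for illustration, and the check covers the signature PIN only.

```shell
#!/bin/sh
# Added example: report whether an OpenPGP card demands the PIN for every
# signature, by reading `gpg --card-status` text on stdin.
# Prints one of: forced | not forced | unknown
sig_pin_state() {
    awk -F': *' '
        /^Signature PIN/ {
            state = $2
            sub(/[ \t\r]+$/, "", state)   # drop trailing blanks or CR
            found = 1
        }
        END {
            if (!found)                     print "unknown"
            else if (state == "forced")     print "forced"
            else if (state == "not forced") print "not forced"
            else                            print "unknown"
        }'
}

# Succeeds only when forcesig is on. A missing card or an unreadable
# status line counts as failure, so the check fails closed.
require_forcesig() {
    [ "$(sig_pin_state)" = "forced" ]
}

# Constructed sample status text (not captured from a real card).
SAMPLE_FORCED='Version ..........: 2.0
Signature PIN ....: forced
PIN retry counter : 3 0 3
Signature counter : 12'

SAMPLE_NOT_FORCED='Version ..........: 2.0
Signature PIN ....: not forced
PIN retry counter : 3 0 3
Signature counter : 12'

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_FORCED"     | sig_pin_state
printf '%s\n' "$SAMPLE_NOT_FORCED" | sig_pin_state

# Against a real card (LC_ALL=C keeps the status text untranslated):
#   LC_ALL=C gpg --card-status | require_forcesig || echo "forcesig is off" >&2
```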



More information about the Gnupg-users mailing list