Crypto device where I need to confirm every operation?

Daniel Kahn Gillmor dkg at
Thu Jan 22 21:08:31 CET 2015

On Thu 2015-01-22 12:00:44 -0500, Felix E. Klee wrote:
> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
> with PIN pad. Surely, that adds a certain layer of security, as all
> encryption and signing operations happen on the card. However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.
> To prevent such an attack, I imagine a device where I have to confirm
> every transaction with a simple push on a hardware button.

Yes, this is certainly possible.  I think some of the yubikey devices
[0] may support this feature, and it should also be possible (with a bit
of hardware hacking) to do it with the FST-01, which is the platform for
the gnuk [1].

[0] -- i
    haven't tested, though!


If anyone is considering adding this kind of feature to the FST-01, i'd
be happy to test and debug it with them.

