Crypto device where I need to confirm every operation?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Jan 22 21:08:31 CET 2015
On Thu 2015-01-22 12:00:44 -0500, Felix E. Klee wrote:
> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader
> with PIN pad. Surely, that adds a certain layer of security, as all
> encryption and signing operations happen on the card. However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.
>
> To prevent such an attack, I imagine a device where I have to confirm
> every transaction with a simple push on a hardware button.

Yes, this is certainly possible. I think some of the YubiKey devices
[0] may support this feature, and it should also be possible (with a bit
of hardware hacking) to do it with the FST-01, which is the platform for
the gnuk [1].

[0] https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ -- i
haven't tested, though!
[1] http://www.fsij.org/category/gnuk.html

If anyone is considering adding this kind of feature to the FST-01, i'd
be happy to test and debug it with them.

--dkg

More information about the Gnupg-users
mailing list