Crypto device where I need to confirm every operation?

Johannes Zarl johannes at
Thu Jan 22 19:34:51 CET 2015

On Thursday 22 January 2015 17:00:44 Felix E. Klee wrote:
> However, there
> is one attack which I think could be easily prevented: With the card
> in the reader, the PIN entered, and Eve having remote access to my
> machine, she could sign and decrypt documents.

Are you sure? On my setup, the smartcard seems to only allow one sign 
operation per pin-entry. Decryption, on the other hand seems to be allowed 
without re-authorisation until the card has been removed from the reader (or 
until it has been reset by another means).

More information about the Gnupg-users mailing list