Crypto device where I need to confirm every operation?
Faramir
faramir.cl at gmail.com
Fri Jan 23 03:56:41 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
El 22-01-2015 a las 20:43, Robert J. Hansen escibió:
> Smartcards exist to keep private keys safe(r) from being stolen.
> They do a pretty good job of that. But when we expect smartcards
> to be able to somehow make a compromised environment safe to
> operate in, then we've crossed the line and turned them into magic
> crypto fairy dust.
Yes, but maybe you are missing an interesting point: if a smartcard
requires the user to push a button each time it has to issue a
signature (maybe the pin can be cached for a while, but still require
pushing a button means physical access to the device, not just some
remotely controled malware), and the card flashes a message saying "I
need you to push the button", when you are not requesting the card to
issue a signature, then you can realize your computer has been
compromized. Or if you issue a signature and then you get a message
about "do it again", ok, you can fall once, but not 500 times.
Some years ago, I got malware in my computer, and I detected it
when the firewall warned me about some program attempting to connect
to internet. The firewall was not intended to be a malware detector,
but when it requested me to create a rule for that unknown app, I got
aware about the problem and could take steps to solve it.
By the way, here (at Chile), the law recognizes 2 lvls of digital
signatures: the "advanced" digital signature, that is considered like
a handwritten signature (and requires a certificate in a smartcard,
issued by one of the 3 or 4 approved companies), and the "normal"
digital signature, which means the judge will determine the value of
that evidence (so, my signatures issued with GnuPG are in the same
level as a scanned picture of my handwritting... a bit unfair, IMHO).
In that context, I would not only want the smartcard to prevent my
private key from being stolen, I'd also like to know malware won't be
able to start signing 1000s of things without my approval.
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBCAAGBQJUwbhpAAoJEMV4f6PvczxAO3QH/33wV8O/7KG73enX4edcnVfA
YCVHF5VIMyi11o/ZX24hpeMdEW0ZM6T2I74TUw+gECkG+3Icci6uaVBlNsTLSW/v
TWPzQJI6ahc1ATZlFCfWZ1BiUneBMoQSMxItp/BEJ22XKw2oaNSzQqsZ4fXRXHAO
uq0UtY/VtXSovhp0+4KEQe21c92Ko0RxiI1u4z1ihz0ytJhtDivzmJR7QpHQrbCE
Y7dKuoRUqv0jPu4AG+DzZBdwu3kRh5jz6ONU84bC0Y4HfPwJ83QXAfBDv0BOOnK+
uo18J1Xs9FOmWDRKgwOw2DYq8lMPFMakHI6DHO6yTT2EQutTe2xKk1bXHdwP+GA=
=yJ8z
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list