Trezor - Could this be the model for a PGP crypto device?

NIIBE Yutaka gniibe at
Tue Mar 10 05:35:27 CET 2015

On 03/08/2015 12:09 AM, Felix E. Klee wrote:
> It’s not about the UI being pretty. What I like about Trezor is that
> it’s small yet has basically an external PIN pad, and every transaction
> has to be confirmed by the push of a button. So, unless there are
> backdoors (which also could be at chip level) or bugs, malware cannot
> sniff the PIN nor can it do unattended transactions.

Thanks for your explanation.  I see your point.

Confirmation push button would be a good idea, and I have been
considering how we can enhance the OpenPGPcard specification so that
we could do something like that for future implementation(s).

Still immature, but my current idea is something like following.
Basically, OpenPGPcard requires another authentication (confirmation)
to get the result of signing/decryption.

    Host PC                               OpenPGPcard
           command: PSO =>
                        <= response: 0x61<LENGTH>

               command: VERIFY with 0x84 or something different ==>
                        <= response: 0x9000 OK

           command: GET_RESPONSE ==>
                        <= response: <DATA> of result of PSO

I don't know if this kind of nested transaction is allowed or not in
ISO 7816.  If it's not allowed, there would be another way to do that.

My point is that: if it's ok protocolwise, the confirmation feature
can be implemented by OpenPGPcard using existing cardreader with

More information about the Gnupg-users mailing list