"general purpose OS is fundamentally inadequate for trusted operations"

Peter Lebbing peter at digitalbrains.com
Sat Apr 22 13:12:53 CEST 2017


On 22/04/17 09:34, listo factor via Gnupg-users wrote:
> Consequently, the promotion of its
> use is frowned upon primarily by those that are more interested
> in spreading the use of gpg for philosophical and political
> reasons among those that don't have any real adversaries,

I completely disagree with this assessment. It is a completely wrong
portrayal of the motives of people who warn about putting all your money
on a smartcard.

> rather
> than in the protection - however imperfect - of those that have
> real need for communication security.

So what real protection does it offer? If somebody has full access to
your general purpose PC, they can read your encrypted communication and
fake your signatures. Maybe faking signatures is something that would
leave a trail and will be noticed eventually, but what good does that do
you when your oppressive regime has just rounded up all your
collaborators and has them before a firing squad?!

The only thing they cannot do is make a copy of your key to use it
elsewhere; they are bound to your hacked PC for usage. I think there are
plenty of threat models where the fact that they can read your encrypted
messages is far worse. And they can do that willy-nilly, by cleverly
using your smartcard for their own use while caching and providing the
session keys you are trying to decrypt. You don't even have to decrypt
the document they're interested in yourself, and no external push button
will save you. Just decrypt a document twice, and the second time, the
attacker can use your smartcard for their own good while providing the
session key they logged the first time for your decryption.

It feels like you are saying "if you have a real need for communication
security, a smartcard will make you more secure"; saying that much at
the least. And it is completely and utterly dependent on the threat model.

You accuse others of not caring about people with real threats, yet your
careless vague statements might encourage those people to place
inappropriate trust in their smartcard setup. I think you are the one
who is doing them a disservice, not people like Robert J Hansen who warn
that smartcards can't magically make you safe when your computer is
compromised.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
