use policy of the GnuPG-card

Andrew Gallagher andrewg at andrewg.com
Thu Jul 13 13:44:42 CEST 2017


On 2017/07/13 11:49, Matthias Apitz wrote:
> 
> One problem obviously comes to mind: Someone with priv access to your workstation,
> for example IT personnel, could relatively easily steal your passwords, just setting your
> environment and waiting for the moment that you have unlocked the card with the PIN;
> then he/she could run as root:

*snipped evil plan*

Worse than that, they can keylog your PIN and use that to perform
unlimited crypto operations using your smartcard whenever they detect it
is plugged in. Or they can read decrypted passwords out of memory, or
replace gpg with a version that copies everything it touches to a
network connection. The possibilities are literally endless.

> How is this supposed to be managed?

Don't plug your smartcard into a computer that someone else has root
access to. That's not flippant, that's the best you can do in principle.
Smartcards can protect you against disclosure of your secret key, but
not of data encrypted to that key. If you want to protect all the data
encrypted by that key, then you still need to take all the precautions
that you need to with any other method of secret key storage, and that
means (amongst other things) don't decrypt your data on an untrusted
machine.

Remember, if someone else has root on your computer then it isn't your
computer - it's theirs.

A
