use policy of the GnuPG-card

Andreas Heinlein aheinlein at
Thu Jul 13 14:30:37 CEST 2017

Am 13.07.2017 um 13:44 schrieb Andrew Gallagher:
> On 2017/07/13 11:49, Matthias Apitz wrote:
>> One problem comes obviously in mind: Someone with priv access to your workstation,
>> for example IT personal, could relatively easy steal your passwords, just setting your
>> environment and waiting for the moment that you have unlocked the card with the PIN;
>> than he/she could run as root:
> *snipped evil plan*
> Worse than that, they can keylog your PIN and use that to perform
> unlimited crypto operations using your smartcard whenever they detect it
> is plugged in. Or they can read decrypted passwords out of memory, or
> replace gpg with a version that copies everything it touches to a
> network connection. The possibilities are literally endless.
>> How is this supposed to be managed?
> Don't plug your smartcard into a computer that someone else has root
> access to. That's not flippant, that's the best you can do in principle.
> Smartcards can protect you against disclosure of your secret key, but
> not of data encrypted to that key. If you want to protect all the data
> encrypted by that key, then you still need to take all the precautions
> that you need to with any other method of secret key storage, and that
> means (amongst other things) don't decrypt your data on an untrusted
> machine.
> Remember, if someone else has root on your computer then it isn't your
> computer - it's theirs.
> A
+1 for that. If one can install software on a machine, one can
completely take it over. No way to prevent that.

For a private machine, you could encrypt the whole hard drive, making
attacks on the OS level require physical access two times: once for
installing a compromised boot loader that intercepts the password and
once again for decrypting the drive with the stolen password and
compromising the OS.

With physical access, there are still attack vectors using firmware or
hardware manipulation which also work with physical access only once.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170713/130ac507/attachment.sig>

More information about the Gnupg-users mailing list