New smart card / token alternative
Philipp Klaus Krause
pkk at spth.de
Tue Nov 7 08:29:57 CET 2017
Am 06.11.2017 um 23:26 schrieb vedaal at nym.hush.com:
>
>
> On 11/6/2017 at 4:55 PM, "Tim Steiner" <t at crp.to> wrote:
>
> \We have been working on a project to build a direct interface for
> PGP/GPG usage using U2F for web apps and browser extensions. This is
> similar to existing smart cards and tokens but no software install is
> required.
>
> We set out to solve this problem -"Man, I really wish I could read
> this PGP message, or send this message, or open this file, or sign
> this file, but I don't have my laptop with me"
>
> With this solution you can keep the key offline, carry it with you
> and it works even on a computer where you can't install software -
> https://www.kickstarter.com/projects/1048259057/onlykey-quantum-future-ready-encryption-for-everyo
>
> We are interested to hear feedback on this approach from the
> community.
>
> =====
>
> Using this on anything except your own computer, or laptop, is
> problematic, as the 'host' computer can have a key-logger or screen
> capturer, and copy the decrypted plaintext, or the plaintext to be
> encrypted.
I have often been insituations, where I had access to a friend's
computer, and you trust the friend and their computer skills enough to
handle a message on their computer.
A typical scenario might even be a sending a signed message where the
contents are intentionally known to that friend.
While I tend to carry my laptop with me often, not everyone does.
Philipp
More information about the Gnupg-users
mailing list