New smart card / token alternative

Philipp Klaus Krause pkk at
Tue Nov 7 08:29:57 CET 2017

Am 06.11.2017 um 23:26 schrieb vedaal at
> On 11/6/2017 at 4:55 PM, "Tim Steiner" <t at> wrote:
> \We have been working on a project to build a direct interface for
> PGP/GPG usage using U2F for web apps and browser extensions. This is
> similar to existing smart cards and tokens but no software install is
> required.
> We set out to solve this problem -"Man, I really wish I could read
> this PGP message, or send this message, or open this file, or sign
> this file, but I don't have my laptop with me"
> With this solution you can keep the key offline, carry it with you
> and it works even on a computer where you can't install software -
>  We are interested to hear feedback on this approach from the
> community.
> =====
> Using this on anything except your own computer, or laptop, is
> problematic, as the 'host' computer can have a key-logger or screen
> capturer, and copy the decrypted plaintext, or the plaintext to be
> encrypted.

I have often been insituations, where I had access to a friend's
computer, and you trust the friend and their computer skills enough to
handle a message on their computer.

A typical scenario might even be a sending a signed message where the
contents are intentionally known to that friend.

While I tend to carry my laptop with me often, not everyone does.


More information about the Gnupg-users mailing list