Communication with card reader encrypted?

Felix E. Klee felix.klee at
Sun Aug 26 09:48:31 CEST 2018

On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk
<dirk.gottschalk1980 at> wrote:
> This is a really interesting question. But, does this really matter
> got an USB device? If there is a program on your computer, which
> interceps the communication, the security of you system is already
> broken.

I am more thinking about a hardware attack. If the communication is not
encrypted, this opens another attack vector. For comparison, think about
[key loggers][1]. Putting a hardware logger somewhere between the USB
peripheral device and the computer is potentially easier and quicker
than tampering with either the peripheral device or the computer.

Background: I want to put my SCM SPR332 v2 card reader into a different
enclosure, so that it’s more portable for [use with my mobile phone][2].
The very long cable also needs to be replaced. One option is to add a
USB port to the reader so that arbitrary cables can be used. This
thought coincided with me reading about [doctored USB cables][3]. I
don’t want to be required to trust three devices: phone, reader, and now

[3]: <

More information about the Gnupg-users mailing list