Communication with card reader encrypted?

Felix E. Klee felix.klee at
Sun Aug 26 11:12:32 CEST 2018

On Sun, Aug 26, 2018 at 10:41 AM, Peter Lebbing
<peter at> wrote:
> The OpenPGP smartcard and generic smartcard protocols do define
> "Secure Messaging", but I don't think this is commonly used for cabled
> OpenPGP smartcards.

Would be interesting to find out.

> I think you'll need to trust the cable anyway,

Well, if the cable is soldered to the reader, then it’s much harder to
tamper with. Swapping a replaceable cable requires much less effort.

Concerning key loggers for comparison: It is possible that the [attack
at TAZ][1] would not have happened had the attacker to tamper with the
victim’s keyboards, their computers, or their software.

I would not be surprised if you can find USB cables on Alibaba that
include sniffers and multiple GBs of flash memory for logging
everything, for debugging of course. ;)


More information about the Gnupg-users mailing list